index.html 58 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126
  1. <!DOCTYPE html>
  2. <html lang="zh-CN">
  3. <head>
  4. <meta charset="utf-8">
  5. <meta name="viewport" content="width=device-width,initial-scale=1">
  6. <title>XSRF 防御 | 彪哥博客</title>
  7. <meta name="generator" content="VuePress 1.9.5">
  8. <link rel="icon" href="/blog/img/favicon.ico">
  9. <meta name="description" content="web前端技术博客,专注web前端学习与总结。JavaScript,js,ES6,TypeScript,vue,React,python,css3,html5,Node,git,github等技术文章。">
  10. <meta name="keywords" content="前端博客,个人技术博客,前端,前端开发,前端框架,web前端,前端面试题,技术文档,学习,面试,JavaScript,js,ES6,TypeScript,vue,python,css3,html5,Node,git,github,markdown">
  11. <meta name="theme-color" content="#11a8cd">
  12. <link rel="preload" href="/blog/assets/css/0.styles.cf6c3304.css" as="style"><link rel="preload" href="/blog/assets/js/app.b419507c.js" as="script"><link rel="preload" href="/blog/assets/js/2.602aac03.js" as="script"><link rel="preload" href="/blog/assets/js/191.f19beada.js" as="script"><link rel="prefetch" href="/blog/assets/js/10.05bc42d6.js"><link rel="prefetch" href="/blog/assets/js/100.93782085.js"><link rel="prefetch" href="/blog/assets/js/101.49f33592.js"><link rel="prefetch" href="/blog/assets/js/102.b391aaca.js"><link rel="prefetch" href="/blog/assets/js/103.b5c297df.js"><link rel="prefetch" href="/blog/assets/js/104.1b8956b0.js"><link rel="prefetch" href="/blog/assets/js/105.4af5ed2a.js"><link rel="prefetch" href="/blog/assets/js/106.f5ff0141.js"><link rel="prefetch" href="/blog/assets/js/107.9b0935ed.js"><link rel="prefetch" href="/blog/assets/js/108.a3b3e687.js"><link rel="prefetch" href="/blog/assets/js/109.0faeea62.js"><link rel="prefetch" href="/blog/assets/js/11.803b5050.js"><link rel="prefetch" href="/blog/assets/js/110.05696e77.js"><link rel="prefetch" href="/blog/assets/js/111.33bbfeaf.js"><link rel="prefetch" href="/blog/assets/js/112.cc349461.js"><link rel="prefetch" href="/blog/assets/js/113.ee6a59a5.js"><link rel="prefetch" href="/blog/assets/js/114.837d6a71.js"><link rel="prefetch" href="/blog/assets/js/115.035a54c0.js"><link rel="prefetch" href="/blog/assets/js/116.bffbfdca.js"><link rel="prefetch" href="/blog/assets/js/117.effbf98c.js"><link rel="prefetch" href="/blog/assets/js/118.a2ce28a1.js"><link rel="prefetch" href="/blog/assets/js/119.da6e315d.js"><link rel="prefetch" href="/blog/assets/js/12.68f9aa15.js"><link rel="prefetch" href="/blog/assets/js/120.edc4f23e.js"><link rel="prefetch" href="/blog/assets/js/121.67388947.js"><link rel="prefetch" href="/blog/assets/js/122.0e892f37.js"><link rel="prefetch" href="/blog/assets/js/123.9c12e399.js"><link rel="prefetch" href="/blog/assets/js/124.e265d82a.js"><link rel="prefetch" href="/blog/assets/js/125.07ad81ea.js"><link rel="prefetch" href="/blog/assets/js/126.30be0256.js"><link rel="prefetch" href="/blog/assets/js/127.daf6f659.js"><link rel="prefetch" href="/blog/assets/js/128.c3aa5522.js"><link rel="prefetch" href="/blog/assets/js/129.60c2ac70.js"><link rel="prefetch" href="/blog/assets/js/13.b2f4726e.js"><link rel="prefetch" href="/blog/assets/js/130.283b36c2.js"><link rel="prefetch" href="/blog/assets/js/131.36fd29f9.js"><link rel="prefetch" href="/blog/assets/js/132.aa486fed.js"><link rel="prefetch" href="/blog/assets/js/133.5244b658.js"><link rel="prefetch" href="/blog/assets/js/134.5d546ce7.js"><link rel="prefetch" href="/blog/assets/js/135.efe5189e.js"><link rel="prefetch" href="/blog/assets/js/136.0e15e278.js"><link rel="prefetch" href="/blog/assets/js/137.9ed0177b.js"><link rel="prefetch" href="/blog/assets/js/138.0b8bc204.js"><link rel="prefetch" href="/blog/assets/js/139.cc005358.js"><link rel="prefetch" href="/blog/assets/js/14.8dc92978.js"><link rel="prefetch" href="/blog/assets/js/140.bc32a870.js"><link rel="prefetch" href="/blog/assets/js/141.acfd1af2.js"><link rel="prefetch" href="/blog/assets/js/142.4acb4dd6.js"><link rel="prefetch" href="/blog/assets/js/143.8182807e.js"><link rel="prefetch" href="/blog/assets/js/144.20a6c974.js"><link rel="prefetch" href="/blog/assets/js/145.f3a9911c.js"><link rel="prefetch" href="/blog/assets/js/146.3ed86675.js"><link rel="prefetch" href="/blog/assets/js/147.fa9b3898.js"><link rel="prefetch" href="/blog/assets/js/148.f498d3e2.js"><link rel="prefetch" href="/blog/assets/js/149.3fe441c6.js"><link rel="prefetch" href="/blog/assets/js/15.c32eb5e6.js"><link rel="prefetch" href="/blog/assets/js/150.6d73379d.js"><link rel="prefetch" href="/blog/assets/js/151.4916058e.js"><link rel="prefetch" href="/blog/assets/js/152.42f788ce.js"><link rel="prefetch" href="/blog/assets/js/153.57ac80e4.js"><link rel="prefetch" href="/blog/assets/js/154.46b3a2b3.js"><link rel="prefetch" href="/blog/assets/js/155.f16ed794.js"><link rel="prefetch" href="/blog/assets/js/156.7004ac8c.js"><link rel="prefetch" href="/blog/assets/js/157.54029a82.js"><link rel="prefetch" href="/blog/assets/js/158.d1a36e56.js"><link rel="prefetch" href="/blog/assets/js/159.e3aba89f.js"><link rel="prefetch" href="/blog/assets/js/16.ce96f674.js"><link rel="prefetch" href="/blog/assets/js/160.da511416.js"><link rel="prefetch" href="/blog/assets/js/161.e4fc79bf.js"><link rel="prefetch" href="/blog/assets/js/162.f214074e.js"><link rel="prefetch" href="/blog/assets/js/163.4bf1ce2d.js"><link rel="prefetch" href="/blog/assets/js/164.50c2a26a.js"><link rel="prefetch" href="/blog/assets/js/165.3fadd30d.js"><link rel="prefetch" href="/blog/assets/js/166.b46fceba.js"><link rel="prefetch" href="/blog/assets/js/167.6c6747d8.js"><link rel="prefetch" href="/blog/assets/js/168.87ccce63.js"><link rel="prefetch" href="/blog/assets/js/169.e1e1c58b.js"><link rel="prefetch" href="/blog/assets/js/17.a693fe7f.js"><link rel="prefetch" href="/blog/assets/js/170.755abdff.js"><link rel="prefetch" href="/blog/assets/js/171.a6b69067.js"><link rel="prefetch" href="/blog/assets/js/172.52c10d67.js"><link rel="prefetch" href="/blog/assets/js/173.568ec26d.js"><link rel="prefetch" href="/blog/assets/js/174.f6ff5c51.js"><link rel="prefetch" href="/blog/assets/js/175.f2d646a9.js"><link rel="prefetch" href="/blog/assets/js/176.2fd93f9c.js"><link rel="prefetch" href="/blog/assets/js/177.fc5683f6.js"><link rel="prefetch" href="/blog/assets/js/178.432e7e1f.js"><link rel="prefetch" href="/blog/assets/js/179.e63b01b0.js"><link rel="prefetch" href="/blog/assets/js/18.6df3c873.js"><link rel="prefetch" href="/blog/assets/js/180.7a136172.js"><link rel="prefetch" href="/blog/assets/js/181.6e78e56b.js"><link rel="prefetch" href="/blog/assets/js/182.73d2f94a.js"><link rel="prefetch" href="/blog/assets/js/183.dce8f42f.js"><link rel="prefetch" href="/blog/assets/js/184.94ec7685.js"><link rel="prefetch" href="/blog/assets/js/185.c3561080.js"><link rel="prefetch" href="/blog/assets/js/186.63b6c4b4.js"><link rel="prefetch" href="/blog/assets/js/187.b1ca4046.js"><link rel="prefetch" href="/blog/assets/js/188.6525cd10.js"><link rel="prefetch" href="/blog/assets/js/189.fdd57a16.js"><link rel="prefetch" href="/blog/assets/js/19.6ffd68ce.js"><link rel="prefetch" href="/blog/assets/js/190.8d9ac4f5.js"><link rel="prefetch" href="/blog/assets/js/192.bcd02302.js"><link rel="prefetch" href="/blog/assets/js/193.05afb721.js"><link rel="prefetch" href="/blog/assets/js/194.698e74d2.js"><link rel="prefetch" href="/blog/assets/js/195.70ee23b9.js"><link rel="prefetch" href="/blog/assets/js/196.14c12f32.js"><link rel="prefetch" href="/blog/assets/js/197.52e07cb7.js"><link rel="prefetch" href="/blog/assets/js/198.6312a976.js"><link rel="prefetch" href="/blog/assets/js/199.600b8211.js"><link rel="prefetch" href="/blog/assets/js/20.d994b814.js"><link rel="prefetch" href="/blog/assets/js/200.1658389e.js"><link rel="prefetch" href="/blog/assets/js/201.f2ecc5d4.js"><link rel="prefetch" href="/blog/assets/js/202.05a5bb1c.js"><link rel="prefetch" href="/blog/assets/js/203.893b83ad.js"><link rel="prefetch" href="/blog/assets/js/204.a90c3691.js"><link rel="prefetch" href="/blog/assets/js/205.d82fb971.js"><link rel="prefetch" href="/blog/assets/js/206.00e0b021.js"><link rel="prefetch" href="/blog/assets/js/207.a5dbb279.js"><link rel="prefetch" href="/blog/assets/js/208.d15bb006.js"><link rel="prefetch" href="/blog/assets/js/209.00d63e46.js"><link rel="prefetch" href="/blog/assets/js/21.2587b99c.js"><link rel="prefetch" href="/blog/assets/js/210.b256d7b8.js"><link rel="prefetch" href="/blog/assets/js/211.be264f59.js"><link rel="prefetch" href="/blog/assets/js/212.9956352d.js"><link rel="prefetch" href="/blog/assets/js/213.6144a981.js"><link rel="prefetch" href="/blog/assets/js/214.926fcb0b.js"><link rel="prefetch" href="/blog/assets/js/215.19148b26.js"><link rel="prefetch" href="/blog/assets/js/216.f56e94aa.js"><link rel="prefetch" href="/blog/assets/js/217.c5a75265.js"><link rel="prefetch" href="/blog/assets/js/218.1d08fa09.js"><link rel="prefetch" href="/blog/assets/js/219.11d14310.js"><link rel="prefetch" href="/blog/assets/js/22.cbb873e2.js"><link rel="prefetch" href="/blog/assets/js/220.31c10a26.js"><link rel="prefetch" href="/blog/assets/js/221.b95f8a68.js"><link rel="prefetch" href="/blog/assets/js/222.79b831b9.js"><link rel="prefetch" href="/blog/assets/js/223.23d684a8.js"><link rel="prefetch" href="/blog/assets/js/224.86b7a46d.js"><link rel="prefetch" href="/blog/assets/js/225.ba05abd3.js"><link rel="prefetch" href="/blog/assets/js/226.759b748e.js"><link rel="prefetch" href="/blog/assets/js/227.c26a7240.js"><link rel="prefetch" href="/blog/assets/js/228.de29829d.js"><link rel="prefetch" href="/blog/assets/js/229.83cf7341.js"><link rel="prefetch" href="/blog/assets/js/23.3392ec01.js"><link rel="prefetch" href="/blog/assets/js/230.d239ed00.js"><link rel="prefetch" href="/blog/assets/js/231.ddfd0758.js"><link rel="prefetch" href="/blog/assets/js/232.6b57acfb.js"><link rel="prefetch" href="/blog/assets/js/233.a104a750.js"><link rel="prefetch" href="/blog/assets/js/234.3d041b0e.js"><link rel="prefetch" href="/blog/assets/js/235.9e19c5d0.js"><link rel="prefetch" href="/blog/assets/js/236.9f300061.js"><link rel="prefetch" href="/blog/assets/js/237.9fb8d4bd.js"><link rel="prefetch" href="/blog/assets/js/238.ceec05fc.js"><link rel="prefetch" href="/blog/assets/js/24.736495d8.js"><link rel="prefetch" href="/blog/assets/js/25.8f5cf322.js"><link rel="prefetch" href="/blog/assets/js/26.67d8ecd5.js"><link rel="prefetch" href="/blog/assets/js/27.05800199.js"><link rel="prefetch" href="/blog/assets/js/28.72a4cebd.js"><link rel="prefetch" href="/blog/assets/js/29.f8d2f7c1.js"><link rel="prefetch" href="/blog/assets/js/3.aec45124.js"><link rel="prefetch" href="/blog/assets/js/30.0ac25def.js"><link rel="prefetch" href="/blog/assets/js/31.4d385616.js"><link rel="prefetch" href="/blog/assets/js/32.ab6922e1.js"><link rel="prefetch" href="/blog/assets/js/33.22aedb73.js"><link rel="prefetch" href="/blog/assets/js/34.1176b400.js"><link rel="prefetch" href="/blog/assets/js/35.d4d05428.js"><link rel="prefetch" href="/blog/assets/js/36.6dd0dde1.js"><link rel="prefetch" href="/blog/assets/js/37.4af0c50a.js"><link rel="prefetch" href="/blog/assets/js/38.1a98317a.js"><link rel="prefetch" href="/blog/assets/js/39.8383d231.js"><link rel="prefetch" href="/blog/assets/js/4.6a499ed7.js"><link rel="prefetch" href="/blog/assets/js/40.ea1ea46b.js"><link rel="prefetch" href="/blog/assets/js/41.29846640.js"><link rel="prefetch" href="/blog/assets/js/42.9c906181.js"><link rel="prefetch" href="/blog/assets/js/43.344bd56a.js"><link rel="prefetch" href="/blog/assets/js/44.e23af589.js"><link rel="prefetch" href="/blog/assets/js/45.fa09e088.js"><link rel="prefetch" href="/blog/assets/js/46.ddf18f6d.js"><link rel="prefetch" href="/blog/assets/js/47.593a3a96.js"><link rel="prefetch" href="/blog/assets/js/48.fb21c024.js"><link rel="prefetch" href="/blog/assets/js/49.5bb86e0c.js"><link rel="prefetch" href="/blog/assets/js/5.48f0d794.js"><link rel="prefetch" href="/blog/assets/js/50.0fb55bed.js"><link rel="prefetch" href="/blog/assets/js/51.a38b4abd.js"><link rel="prefetch" href="/blog/assets/js/52.70f6922c.js"><link rel="prefetch" href="/blog/assets/js/53.c7e04159.js"><link rel="prefetch" href="/blog/assets/js/54.ff09ad12.js"><link rel="prefetch" href="/blog/assets/js/55.57d17d47.js"><link rel="prefetch" href="/blog/assets/js/56.a58b3cc3.js"><link rel="prefetch" href="/blog/assets/js/57.9de5f95b.js"><link rel="prefetch" href="/blog/assets/js/58.d15857bf.js"><link rel="prefetch" href="/blog/assets/js/59.ff3f0900.js"><link rel="prefetch" href="/blog/assets/js/6.1505523f.js"><link rel="prefetch" href="/blog/assets/js/60.bc9edb0a.js"><link rel="prefetch" href="/blog/assets/js/61.ec369f58.js"><link rel="prefetch" href="/blog/assets/js/62.75c1dd19.js"><link rel="prefetch" href="/blog/assets/js/63.a932b576.js"><link rel="prefetch" href="/blog/assets/js/64.d821c8d4.js"><link rel="prefetch" href="/blog/assets/js/65.c48ce70a.js"><link rel="prefetch" href="/blog/assets/js/66.6fc46ec0.js"><link rel="prefetch" href="/blog/assets/js/67.5a70400c.js"><link rel="prefetch" href="/blog/assets/js/68.6a172c1e.js"><link rel="prefetch" href="/blog/assets/js/69.d878fdd4.js"><link rel="prefetch" href="/blog/assets/js/7.b38bde58.js"><link rel="prefetch" href="/blog/assets/js/70.61fcea39.js"><link rel="prefetch" href="/blog/assets/js/71.b4f867d8.js"><link rel="prefetch" href="/blog/assets/js/72.d6eafa00.js"><link rel="prefetch" href="/blog/assets/js/73.7937e89b.js"><link rel="prefetch" href="/blog/assets/js/74.3ff087d7.js"><link rel="prefetch" href="/blog/assets/js/75.97ca5f60.js"><link rel="prefetch" href="/blog/assets/js/76.ece1fc97.js"><link rel="prefetch" href="/blog/assets/js/77.95cdf309.js"><link rel="prefetch" href="/blog/assets/js/78.da225d8a.js"><link rel="prefetch" href="/blog/assets/js/79.ae629400.js"><link rel="prefetch" href="/blog/assets/js/8.f710ef8c.js"><link rel="prefetch" href="/blog/assets/js/80.cf6d2811.js"><link rel="prefetch" href="/blog/assets/js/81.6c5fdca6.js"><link rel="prefetch" href="/blog/assets/js/82.245ed394.js"><link rel="prefetch" href="/blog/assets/js/83.4b549b0f.js"><link rel="prefetch" href="/blog/assets/js/84.17cebe69.js"><link rel="prefetch" href="/blog/assets/js/85.b1179a10.js"><link rel="prefetch" href="/blog/assets/js/86.ad526400.js"><link rel="prefetch" href="/blog/assets/js/87.2eef9fa1.js"><link rel="prefetch" href="/blog/assets/js/88.92f778ed.js"><link rel="prefetch" href="/blog/assets/js/89.efe59f09.js"><link rel="prefetch" href="/blog/assets/js/9.bf9d8b8d.js"><link rel="prefetch" href="/blog/assets/js/90.26e610ca.js"><link rel="prefetch" href="/blog/assets/js/91.f78cb514.js"><link rel="prefetch" href="/blog/assets/js/92.d7983929.js"><link rel="prefetch" href="/blog/assets/js/93.20272a60.js"><link rel="prefetch" href="/blog/assets/js/94.245150bc.js"><link rel="prefetch" href="/blog/assets/js/95.6f0e48c2.js"><link rel="prefetch" href="/blog/assets/js/96.02cf7f8b.js"><link rel="prefetch" href="/blog/assets/js/97.a9438771.js"><link rel="prefetch" href="/blog/assets/js/98.12762ccb.js"><link rel="prefetch" href="/blog/assets/js/99.ddbea38c.js">
  13. <link rel="stylesheet" href="/blog/assets/css/0.styles.cf6c3304.css">
  14. </head>
  15. <body class="theme-mode-light">
  16. <div id="app" data-server-rendered="true"><div class="theme-container sidebar-open have-rightmenu"><header class="navbar blur"><div title="目录" class="sidebar-button"><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" role="img" viewBox="0 0 448 512" class="icon"><path fill="currentColor" d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <a href="/blog/" class="home-link router-link-active"><img src="/blog/img/logo.png" alt="彪哥博客" class="logo"> <span class="site-name can-hide">彪哥博客</span></a> <div class="links"><div class="search-box"><input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links can-hide"><div class="nav-item"><a href="/blog/" class="nav-link">首页</a></div><div class="nav-item"><a href="http://fseller.com" target="_blank" rel="noopener noreferrer" class="nav-link external">
  17. 个人游戏网站
  18. <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="前端" class="dropdown-title"><a href="/blog/web/" class="link-title">前端</a> <span class="title" style="display:none;">前端</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>前端文章</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/blog/pages/8143cc480faf9a11/" class="nav-link">JavaScript</a></li></ul></li><li class="dropdown-item"><h4>学习笔记</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/blog/note/javascript/" class="nav-link">《JavaScript教程》</a></li><li class="dropdown-subitem"><a href="/blog/note/js/" class="nav-link">《JavaScript高级程序设计》</a></li><li class="dropdown-subitem"><a href="/blog/note/es6/" class="nav-link">《ES6 教程》</a></li><li class="dropdown-subitem"><a href="/blog/note/vue/" class="nav-link">《Vue》</a></li><li class="dropdown-subitem"><a href="/blog/note/react/" class="nav-link">《React》</a></li><li class="dropdown-subitem"><a href="/blog/note/typescript-axios/" class="nav-link">《TypeScript 从零实现 axios》</a></li><li class="dropdown-subitem"><a href="/blog/note/git/" class="nav-link">《Git》</a></li><li class="dropdown-subitem"><a href="/blog/pages/51afd6/" class="nav-link">TypeScript</a></li><li class="dropdown-subitem"><a href="/blog/pages/4643cd/" class="nav-link">JS设计模式总结</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="页面" class="dropdown-title"><a href="/blog/ui/" class="link-title">页面</a> <span class="title" style="display:none;">页面</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/blog/pages/8309a5b876fc95e3/" class="nav-link">HTML</a></li><li class="dropdown-item"><!----> <a href="/blog/pages/0a83b083bdf257cb/" class="nav-link">CSS</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="技术" class="dropdown-title"><a href="/blog/technology/" class="link-title">技术</a> <span class="title" style="display:none;">技术</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/blog/pages/9a7ee40fc232253e/" class="nav-link">技术文档</a></li><li class="dropdown-item"><!----> <a href="/blog/pages/4c778760be26d8b3/" class="nav-link">GitHub技巧</a></li><li class="dropdown-item"><!----> <a href="/blog/pages/117708e0af7f0bd9/" class="nav-link">Nodejs</a></li><li class="dropdown-item"><!----> <a href="/blog/pages/41f87d890d0a02af/" class="nav-link">博客搭建</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="更多" class="dropdown-title"><a href="/blog/more/" class="link-title">更多</a> <span class="title" style="display:none;">更多</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/blog/pages/f2a556/" class="nav-link">学习</a></li><li class="dropdown-item"><!----> <a href="/blog/pages/aea6571b7a8bae86/" class="nav-link">面试</a></li><li class="dropdown-item"><!----> <a href="/blog/pages/2d615df9a36a98ed/" class="nav-link">心情杂货</a></li><li class="dropdown-item"><!----> <a href="/blog/pages/baaa02/" class="nav-link">实用技巧</a></li><li class="dropdown-item"><!----> <a href="/blog/friends/" class="nav-link">友情链接</a></li></ul></div></div><div class="nav-item"><a href="/blog/about/" class="nav-link">关于</a></div><div class="nav-item"><a href="/blog/pages/beb6c0bd8a66cea6/" class="nav-link">收藏</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="索引" class="dropdown-title"><a href="/blog/archives/" class="link-title">索引</a> <span class="title" style="display:none;">索引</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/blog/categories/" class="nav-link">分类</a></li><li class="dropdown-item"><!----> <a href="/blog/tags/" class="nav-link">标签</a></li><li class="dropdown-item"><!----> <a href="/blog/archives/" class="nav-link">归档</a></li></ul></div></div> <a href="https://github.com/heBody/blog" target="_blank" rel="noopener noreferrer" class="repo-link">
  19. GitHub
  20. <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></nav></div></header> <div class="sidebar-mask"></div> <div class="sidebar-hover-trigger"></div> <aside class="sidebar" style="display:none;"><div class="blogger"><img src="https://fastly.jsdelivr.net/gh/xugaoyi/image_store/blog/20200103123203.jpg"> <div class="blogger-info"><h3>彪哥</h3> <span>爱好前端</span></div></div> <nav class="nav-links"><div class="nav-item"><a href="/blog/" class="nav-link">首页</a></div><div class="nav-item"><a href="http://fseller.com" target="_blank" rel="noopener noreferrer" class="nav-link external">
  21. 个人游戏网站
  22. <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="前端" class="dropdown-title"><a href="/blog/web/" class="link-title">前端</a> <span class="title" style="display:none;">前端</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>前端文章</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/blog/pages/8143cc480faf9a11/" class="nav-link">JavaScript</a></li></ul></li><li class="dropdown-item"><h4>学习笔记</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/blog/note/javascript/" class="nav-link">《JavaScript教程》</a></li><li class="dropdown-subitem"><a href="/blog/note/js/" class="nav-link">《JavaScript高级程序设计》</a></li><li class="dropdown-subitem"><a href="/blog/note/es6/" class="nav-link">《ES6 教程》</a></li><li class="dropdown-subitem"><a href="/blog/note/vue/" class="nav-link">《Vue》</a></li><li class="dropdown-subitem"><a href="/blog/note/react/" class="nav-link">《React》</a></li><li class="dropdown-subitem"><a href="/blog/note/typescript-axios/" class="nav-link">《TypeScript 从零实现 axios》</a></li><li class="dropdown-subitem"><a href="/blog/note/git/" class="nav-link">《Git》</a></li><li class="dropdown-subitem"><a href="/blog/pages/51afd6/" class="nav-link">TypeScript</a></li><li class="dropdown-subitem"><a href="/blog/pages/4643cd/" class="nav-link">JS设计模式总结</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="页面" class="dropdown-title"><a href="/blog/ui/" class="link-title">页面</a> <span class="title" style="display:none;">页面</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/blog/pages/8309a5b876fc95e3/" class="nav-link">HTML</a></li><li class="dropdown-item"><!----> <a href="/blog/pages/0a83b083bdf257cb/" class="nav-link">CSS</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="技术" class="dropdown-title"><a href="/blog/technology/" class="link-title">技术</a> <span class="title" style="display:none;">技术</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/blog/pages/9a7ee40fc232253e/" class="nav-link">技术文档</a></li><li class="dropdown-item"><!----> <a href="/blog/pages/4c778760be26d8b3/" class="nav-link">GitHub技巧</a></li><li class="dropdown-item"><!----> <a href="/blog/pages/117708e0af7f0bd9/" class="nav-link">Nodejs</a></li><li class="dropdown-item"><!----> <a href="/blog/pages/41f87d890d0a02af/" class="nav-link">博客搭建</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="更多" class="dropdown-title"><a href="/blog/more/" class="link-title">更多</a> <span class="title" style="display:none;">更多</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/blog/pages/f2a556/" class="nav-link">学习</a></li><li class="dropdown-item"><!----> <a href="/blog/pages/aea6571b7a8bae86/" class="nav-link">面试</a></li><li class="dropdown-item"><!----> <a href="/blog/pages/2d615df9a36a98ed/" class="nav-link">心情杂货</a></li><li class="dropdown-item"><!----> <a href="/blog/pages/baaa02/" class="nav-link">实用技巧</a></li><li class="dropdown-item"><!----> <a href="/blog/friends/" class="nav-link">友情链接</a></li></ul></div></div><div class="nav-item"><a href="/blog/about/" class="nav-link">关于</a></div><div class="nav-item"><a href="/blog/pages/beb6c0bd8a66cea6/" class="nav-link">收藏</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="索引" class="dropdown-title"><a href="/blog/archives/" class="link-title">索引</a> <span class="title" style="display:none;">索引</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/blog/categories/" class="nav-link">分类</a></li><li class="dropdown-item"><!----> <a href="/blog/tags/" class="nav-link">标签</a></li><li class="dropdown-item"><!----> <a href="/blog/archives/" class="nav-link">归档</a></li></ul></div></div> <a href="https://github.com/heBody/blog" target="_blank" rel="noopener noreferrer" class="repo-link">
  23. GitHub
  24. <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></nav> <ul class="sidebar-links"><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>初识 TypeScript</span> <span class="arrow right"></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>TypeScript 常用语法</span> <span class="arrow right"></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>ts-axios 项目初始化</span> <span class="arrow right"></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>ts-axios 基础功能实现</span> <span class="arrow right"></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>ts-axios 异常情况处理</span> <span class="arrow right"></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>ts-axios 接口扩展</span> <span class="arrow right"></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>ts-axios 拦截器实现</span> <span class="arrow right"></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>ts-axios 配置化实现</span> <span class="arrow right"></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>ts-axios 取消功能实现</span> <span class="arrow right"></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading open"><span>ts-axios 更多功能实现</span> <span class="arrow down"></span></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/blog/pages/5dce43eba796a2ab/" class="sidebar-link">withCredentials</a></li><li><a href="/blog/pages/390cb70e2b619449/" aria-current="page" class="active sidebar-link">XSRF 防御</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header level2"><a href="/blog/pages/390cb70e2b619449/#需求分析" class="sidebar-link">需求分析</a></li><li class="sidebar-sub-header level2"><a href="/blog/pages/390cb70e2b619449/#代码实现" class="sidebar-link">代码实现</a></li><li class="sidebar-sub-header level2"><a href="/blog/pages/390cb70e2b619449/#demo-编写" class="sidebar-link">demo 编写</a></li></ul></li><li><a href="/blog/pages/1376fd897809036e/" class="sidebar-link">上传和下载的进度监控</a></li><li><a href="/blog/pages/89cd6496c23159ae/" class="sidebar-link">HTTP 授权</a></li><li><a href="/blog/pages/40b41ce8e8159567/" class="sidebar-link">自定义合法状态码</a></li><li><a href="/blog/pages/7753b8141663e54a/" class="sidebar-link">自定义参数序列化</a></li><li><a href="/blog/pages/0b9f2ee2b4dbb728/" class="sidebar-link">baseURL</a></li><li><a href="/blog/pages/c26b053540a7dafa/" class="sidebar-link">静态方法扩展</a></li></ul></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>ts-axios 单元测试</span> <span class="arrow right"></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>ts-axios 部署与发布</span> <span class="arrow right"></span></p> <!----></section></li></ul> </aside> <div><main class="page"><div class="theme-vdoing-wrapper "><div class="articleInfo-wrap" data-v-06225672><div class="articleInfo" data-v-06225672><ul class="breadcrumbs" data-v-06225672><li data-v-06225672><a href="/blog/" title="首页" class="iconfont icon-home router-link-active" data-v-06225672></a></li> <li data-v-06225672><a href="/blog/note/typescript-axios/#《TypeScript 从零实现 axios》" data-v-06225672>《TypeScript 从零实现 axios》</a></li><li data-v-06225672><a href="/blog/note/typescript-axios/#ts-axios 更多功能实现" data-v-06225672>ts-axios 更多功能实现</a></li></ul> <div class="info" data-v-06225672><div title="作者" class="author iconfont icon-touxiang" data-v-06225672><a href="javascript:;" data-v-06225672>HuangYi</a></div> <div title="创建时间" class="date iconfont icon-riqi" data-v-06225672><a href="javascript:;" data-v-06225672>2020-01-05</a></div> <!----></div></div></div> <!----> <div class="content-wrapper"><div class="right-menu-wrapper"><div class="right-menu-margin"><div class="right-menu-title">目录</div> <div class="right-menu-content"></div></div></div> <h1><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAeCAYAAAA7MK6iAAAAAXNSR0IArs4c6QAABKFJREFUSA3tVl1oFVcQnrMbrak3QUgkya1akpJYcrUtIqW1JvFBE9LiQ5v6JmJpolbMg32rVrhgoYK0QiMY6i9Y6EMaW5D+xFJaTYItIuK2Kr3+BJNwkxBj05sQY3b3nM6cs2dv9t7NT/vQJw/sndk5M/PNzJkzewGerP+pAmy+ON8lLzUJgA8ZYxYIYZmGYRnctDaWvJJAmTtfP1pvXsBCCPP8QFcCaRkZYACgDZFO4stNIcBCajEOlmmC9XpJ9bAGCaPaPmzPl32dvLSVu3BWCTQs0XQQ6g0DYgwLIoAZbBCdW/i+781o1VVlm/410mw4h06Y7bIPHNyWDyL4FHkX03Q8SrzNhZTZriieckWt7cL6MM85YcLpsi/7O9/iXFT6MswI0DmmpkSaJ0qLxFIm3+i1THHB3zmBH3PYx9CcykcLOeQVVa7QtdxTgQgEleX2AjHYfwA+2ddV77ruGoJUbhGDI09YSNXyMpUt5ylOzxgbUmtOp7NmbNt8v3arjTBfYELmLUV+M+nSawNNAUqpT3ClJWg5I3BLT+cGW/DXNGCa6tx1aakCGEigArTn4TDIPdrXXYKCZNrHLMCOEPvHBlLQ99s9eHB7EB6NTki73CVPQ2F5MSx/uRQixfmq7rK0wYD8w8E905bnPDfwoWs/rfv93NWN/ZfvwsLIU7A09gxECyISeGJkHAau98L97tuw7NXnoPyNF8FcYGLGKsOs0mN3OEyec9esGW/ZEl945dTP34wlR2FZVQWU1q0Cw8Tr7p+hgLLNL0FPxx/Q35mA8aEUrH6nCgwEl0tn7wUiZYJnNRh6DK4UH/k0lfyrsBKdPVv/AriGIQcEDQZ65LBAGe2Rzui9Ybjz7XUppz1/uKBbyVPGkN3ZAeC6hr0x7Nr38N5+EqkoOm17xpoqR9ohQF55ERSvr4Dkr3chNfC3DMzGJlNBElW8w9nsGQvhNGIzDkXzCg8cLK951xHsFBlTJspJNi3ZFIMF2AeDV3q8DNOB+YHi6QTrChDIWDBRi5U5f+ZMfJLu3ccrqxtdxk4SKH336LFxSmkqefwU5T8fhdSdQf9IVKD6aNiwI/hnmcAZ91isYMJIaCUCx9W098+LgruikeTqzqqxKPUwqJyCPJiyemVVZBOijDGjD38Os0jOiSPL1z3SPjXNANbiNPXAdzTfukjjuknNBbyz3nwgTd3AVFqUJ5hpHlq9MveLnWwttUfoygBmvVjuikxND3znrhsELnZk7k+OjIGxeNEkomyLVta0xxn+HZhjBc4YZ/AFjHjz9u3xRZl2BN4aq9nFwWh16IrQ1aHHEd3j1+4/dB9OtH4e29A2H1DyHQRmOSfQZ1Fy7MHBTGB6J/Djq6p3OxyO2cB+4Car7v/o3GXgfAkj23+x9ID1Teoamo/SXcbvSf2PX7Vc8DdCmE1vN9di+32P9/5YR3vLnhCVGUWBjEkr3yh4H8v9CzmsbdhzOKzsJKM90iFdaTMjRPhGVsakRvOaRidljo6H6G7j+ctrJpsP+4COhDIl0La2+FS4+5mlocBaXY5QnGZysIBYoeSsl5qQzrSj/cgNrfuEzlWBfwA+EjrZyWUvpAAAAABJRU5ErkJggg==">XSRF 防御<!----></h1> <div class="theme-vdoing-content content__default"><h1 id="xsrf-防御"><a href="#xsrf-防御" class="header-anchor">#</a> XSRF 防御</h1> <h2 id="需求分析"><a href="#需求分析" class="header-anchor">#</a> 需求分析</h2> <p>XSRF 又名 <a href="https://developer.mozilla.org/en-US/docs/Learn/Server-side/First_steps/Website_security#Cross-Site_Request_Forgery_(CSRF)" target="_blank" rel="noopener noreferrer">CSRF<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>,跨站请求伪造,它是前端常见的一种攻击方式,我们先通过一张图来认识它的攻击手段。</p> <p><img src="https://cdn.jsdelivr.net/gh/xugaoyi/image_store/blog/20200105110743.png" alt="xsrf" title="xsrf"></p> <p>CSRF 的防御手段有很多,比如验证请求的 referer,但是 referer 也是可以伪造的,所以杜绝此类攻击的一种方式是服务器端要求每次请求都包含一个 <code>token</code>,这个 <code>token</code> 不在前端生成,而是在我们每次访问站点的时候生成,并通过 <code>set-cookie</code> 的方式种到客户端,然后客户端发送请求的时候,从 <code>cookie</code> 中对应的字段读取出 <code>token</code>,然后添加到请求 <code>headers</code> 中。这样服务端就可以从请求 <code>headers</code> 中读取这个 <code>token</code> 并验证,由于这个 <code>token</code> 是很难伪造的,所以就能区分这个请求是否是用户正常发起的。</p> <p>对于我们的 <code>ts-axios</code> 库,我们要自动把这几件事做了,每次发送请求的时候,从 <code>cookie</code> 中读取对应的 <code>token</code> 值,然后添加到请求 <code>headers</code>中。我们允许用户配置 <code>xsrfCookieName</code> 和 <code>xsrfHeaderName</code>,其中 <code>xsrfCookieName</code> 表示存储 <code>token</code> 的 <code>cookie</code> 名称,<code>xsrfHeaderName</code> 表示请求 <code>headers</code> 中 <code>token</code> 对应的 <code>header</code> 名称。</p> <div class="language-typescript line-numbers-mode"><pre class="language-typescript"><code>axios<span class="token punctuation">.</span><span class="token function">get</span><span class="token punctuation">(</span><span class="token string">'/more/get'</span><span class="token punctuation">,</span><span class="token punctuation">{</span>
  25. xsrfCookieName<span class="token operator">:</span> <span class="token string">'XSRF-TOKEN'</span><span class="token punctuation">,</span> <span class="token comment">// default</span>
  26. xsrfHeaderName<span class="token operator">:</span> <span class="token string">'X-XSRF-TOKEN'</span> <span class="token comment">// default</span>
  27. <span class="token punctuation">}</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">then</span><span class="token punctuation">(</span>res <span class="token operator">=&gt;</span> <span class="token punctuation">{</span>
  28. <span class="token builtin">console</span><span class="token punctuation">.</span><span class="token function">log</span><span class="token punctuation">(</span>res<span class="token punctuation">)</span>
  29. <span class="token punctuation">}</span><span class="token punctuation">)</span>
  30. </code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br></div></div><p>我们提供 <code>xsrfCookieName</code> 和 <code>xsrfHeaderName</code> 的默认值,当然用户也可以根据自己的需求在请求中去配置 <code>xsrfCookieName</code> 和 <code>xsrfHeaderName</code>。</p> <h2 id="代码实现"><a href="#代码实现" class="header-anchor">#</a> 代码实现</h2> <p>先修改 <code>AxiosRequestConfig</code> 的类型定义。</p> <p><code>types/index.ts</code>:</p> <div class="language-typescript line-numbers-mode"><pre class="language-typescript"><code><span class="token keyword">export</span> <span class="token keyword">interface</span> <span class="token class-name">AxiosRequestConfig</span> <span class="token punctuation">{</span>
  31. <span class="token comment">// ...</span>
  32. xsrfCookieName<span class="token operator">?</span><span class="token operator">:</span> <span class="token builtin">string</span>
  33. xsrfHeaderName<span class="token operator">?</span><span class="token operator">:</span> <span class="token builtin">string</span>
  34. <span class="token punctuation">}</span>
  35. </code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br></div></div><p>然后修改默认配置。</p> <p><code>defaults.ts</code>:</p> <div class="language-typescript line-numbers-mode"><pre class="language-typescript"><code><span class="token keyword">const</span> defaults<span class="token operator">:</span> AxiosRequestConfig <span class="token operator">=</span> <span class="token punctuation">{</span>
  36. <span class="token comment">// ...</span>
  37. xsrfCookieName<span class="token operator">:</span> <span class="token string">'XSRF-TOKEN'</span><span class="token punctuation">,</span>
  38. xsrfHeaderName<span class="token operator">:</span> <span class="token string">'X-XSRF-TOKEN'</span><span class="token punctuation">,</span>
  39. <span class="token punctuation">}</span>
  40. </code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br></div></div><p>接下来我们要做三件事:</p> <ul><li><p>首先判断如果是配置 <code>withCredentials</code> 为 <code>true</code> 或者是同域请求,我们才会请求 <code>headers</code> 添加 <code>xsrf</code> 相关的字段。</p></li> <li><p>如果判断成功,尝试从 cookie 中读取 <code>xsrf</code> 的 <code>token</code> 值。</p></li> <li><p>如果能读到,则把它添加到请求 <code>headers</code> 的 <code>xsrf</code> 相关字段中。</p></li></ul> <p>我们先来实现同域请求的判断。</p> <p><code>helpers/url.ts</code>:</p> <div class="language-typescript line-numbers-mode"><pre class="language-typescript"><code><span class="token keyword">interface</span> <span class="token class-name">URLOrigin</span> <span class="token punctuation">{</span>
  41. protocol<span class="token operator">:</span> <span class="token builtin">string</span>
  42. host<span class="token operator">:</span> <span class="token builtin">string</span>
  43. <span class="token punctuation">}</span>
  44. <span class="token keyword">export</span> <span class="token keyword">function</span> <span class="token function">isURLSameOrigin</span><span class="token punctuation">(</span>requestURL<span class="token operator">:</span> <span class="token builtin">string</span><span class="token punctuation">)</span><span class="token operator">:</span> <span class="token builtin">boolean</span> <span class="token punctuation">{</span>
  45. <span class="token keyword">const</span> parsedOrigin <span class="token operator">=</span> <span class="token function">resolveURL</span><span class="token punctuation">(</span>requestURL<span class="token punctuation">)</span>
  46. <span class="token keyword">return</span> <span class="token punctuation">(</span>
  47. parsedOrigin<span class="token punctuation">.</span>protocol <span class="token operator">===</span> currentOrigin<span class="token punctuation">.</span>protocol <span class="token operator">&amp;&amp;</span> parsedOrigin<span class="token punctuation">.</span>host <span class="token operator">===</span> currentOrigin<span class="token punctuation">.</span>host
  48. <span class="token punctuation">)</span>
  49. <span class="token punctuation">}</span>
  50. <span class="token keyword">const</span> urlParsingNode <span class="token operator">=</span> document<span class="token punctuation">.</span><span class="token function">createElement</span><span class="token punctuation">(</span><span class="token string">'a'</span><span class="token punctuation">)</span>
  51. <span class="token keyword">const</span> currentOrigin <span class="token operator">=</span> <span class="token function">resolveURL</span><span class="token punctuation">(</span>window<span class="token punctuation">.</span>location<span class="token punctuation">.</span>href<span class="token punctuation">)</span>
  52. <span class="token keyword">function</span> <span class="token function">resolveURL</span><span class="token punctuation">(</span>url<span class="token operator">:</span> <span class="token builtin">string</span><span class="token punctuation">)</span><span class="token operator">:</span> URLOrigin <span class="token punctuation">{</span>
  53. urlParsingNode<span class="token punctuation">.</span><span class="token function">setAttribute</span><span class="token punctuation">(</span><span class="token string">'href'</span><span class="token punctuation">,</span> url<span class="token punctuation">)</span>
  54. <span class="token keyword">const</span> <span class="token punctuation">{</span> protocol<span class="token punctuation">,</span> host <span class="token punctuation">}</span> <span class="token operator">=</span> urlParsingNode
  55. <span class="token keyword">return</span> <span class="token punctuation">{</span>
  56. protocol<span class="token punctuation">,</span>
  57. host
  58. <span class="token punctuation">}</span>
  59. <span class="token punctuation">}</span>
  60. </code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br><span class="line-number">20</span><br><span class="line-number">21</span><br><span class="line-number">22</span><br><span class="line-number">23</span><br><span class="line-number">24</span><br><span class="line-number">25</span><br></div></div><p>同域名的判断主要利用了一个技巧,创建一个 a 标签的 DOM,然后设置 <code>href</code> 属性为我们传入的 <code>url</code>,然后可以获取该 DOM 的 <code>protocol</code>、<code>host</code>。当前页面的 <code>url</code> 和请求的 <code>url</code> 都通过这种方式获取,然后对比它们的 <code>protocol</code> 和 <code>host</code> 是否相同即可。</p> <p>接着实现 cookie 的读取。</p> <p><code>helpers/cookie.ts</code>:</p> <div class="language-typescript line-numbers-mode"><pre class="language-typescript"><code><span class="token keyword">const</span> cookie <span class="token operator">=</span> <span class="token punctuation">{</span>
  61. <span class="token function">read</span><span class="token punctuation">(</span>name<span class="token operator">:</span> <span class="token builtin">string</span><span class="token punctuation">)</span><span class="token operator">:</span> <span class="token builtin">string</span> <span class="token operator">|</span> <span class="token keyword">null</span> <span class="token punctuation">{</span>
  62. <span class="token keyword">const</span> match <span class="token operator">=</span> document<span class="token punctuation">.</span>cookie<span class="token punctuation">.</span><span class="token function">match</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">RegExp</span><span class="token punctuation">(</span><span class="token string">'(^|;\\s*)('</span> <span class="token operator">+</span> name <span class="token operator">+</span> <span class="token string">')=([^;]*)'</span><span class="token punctuation">)</span><span class="token punctuation">)</span>
  63. <span class="token keyword">return</span> match <span class="token operator">?</span> <span class="token function">decodeURIComponent</span><span class="token punctuation">(</span>match<span class="token punctuation">[</span><span class="token number">3</span><span class="token punctuation">]</span><span class="token punctuation">)</span> <span class="token operator">:</span> <span class="token keyword">null</span>
  64. <span class="token punctuation">}</span>
  65. <span class="token punctuation">}</span>
  66. <span class="token keyword">export</span> <span class="token keyword">default</span> cookie
  67. </code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br></div></div><p><code>cookie</code> 的读取逻辑很简单,利用了正则表达式可以解析到 <code>name</code> 对应的值。</p> <p>最后实现完整的逻辑。</p> <p><code>core/xhr.ts</code>:</p> <div class="language-typescript line-numbers-mode"><pre class="language-typescript"><code><span class="token keyword">const</span> <span class="token punctuation">{</span>
  68. <span class="token comment">/*...*/</span>
  69. xsrfCookieName<span class="token punctuation">,</span>
  70. xsrfHeaderName
  71. <span class="token punctuation">}</span> <span class="token operator">=</span> config
  72. <span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token punctuation">(</span>withCredentials <span class="token operator">||</span> <span class="token function">isURLSameOrigin</span><span class="token punctuation">(</span>url<span class="token operator">!</span><span class="token punctuation">)</span><span class="token punctuation">)</span> <span class="token operator">&amp;&amp;</span> xsrfCookieName<span class="token punctuation">)</span><span class="token punctuation">{</span>
  73. <span class="token keyword">const</span> xsrfValue <span class="token operator">=</span> cookie<span class="token punctuation">.</span><span class="token function">read</span><span class="token punctuation">(</span>xsrfCookieName<span class="token punctuation">)</span>
  74. <span class="token keyword">if</span> <span class="token punctuation">(</span>xsrfValue<span class="token punctuation">)</span> <span class="token punctuation">{</span>
  75. headers<span class="token punctuation">[</span>xsrfHeaderName<span class="token operator">!</span><span class="token punctuation">]</span> <span class="token operator">=</span> xsrfValue
  76. <span class="token punctuation">}</span>
  77. <span class="token punctuation">}</span>
  78. </code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br></div></div><h2 id="demo-编写"><a href="#demo-编写" class="header-anchor">#</a> demo 编写</h2> <div class="language-typescript line-numbers-mode"><pre class="language-typescript"><code><span class="token keyword">const</span> instance <span class="token operator">=</span> axios<span class="token punctuation">.</span><span class="token function">create</span><span class="token punctuation">(</span><span class="token punctuation">{</span>
  79. xsrfCookieName<span class="token operator">:</span> <span class="token string">'XSRF-TOKEN-D'</span><span class="token punctuation">,</span>
  80. xsrfHeaderName<span class="token operator">:</span> <span class="token string">'X-XSRF-TOKEN-D'</span>
  81. <span class="token punctuation">}</span><span class="token punctuation">)</span>
  82. instance<span class="token punctuation">.</span><span class="token function">get</span><span class="token punctuation">(</span><span class="token string">'/more/get'</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">then</span><span class="token punctuation">(</span>res <span class="token operator">=&gt;</span> <span class="token punctuation">{</span>
  83. <span class="token builtin">console</span><span class="token punctuation">.</span><span class="token function">log</span><span class="token punctuation">(</span>res<span class="token punctuation">)</span>
  84. <span class="token punctuation">}</span><span class="token punctuation">)</span>
  85. </code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br></div></div><p><code>examples/server.js</code>:</p> <div class="language-javascript line-numbers-mode"><pre class="language-javascript"><code>app<span class="token punctuation">.</span><span class="token function">use</span><span class="token punctuation">(</span>express<span class="token punctuation">.</span><span class="token function">static</span><span class="token punctuation">(</span>__dirname<span class="token punctuation">,</span> <span class="token punctuation">{</span>
  86. <span class="token function">setHeaders</span> <span class="token punctuation">(</span><span class="token parameter">res</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
  87. res<span class="token punctuation">.</span><span class="token function">cookie</span><span class="token punctuation">(</span><span class="token string">'XSRF-TOKEN-D'</span><span class="token punctuation">,</span> <span class="token string">'1234abc'</span><span class="token punctuation">)</span>
  88. <span class="token punctuation">}</span>
  89. <span class="token punctuation">}</span><span class="token punctuation">)</span><span class="token punctuation">)</span>
  90. </code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br></div></div><p>在访问页面的时候,服务端通过 <code>set-cookie</code> 往客户端种了 <code>key</code> 为 <code>XSRF-TOKEN</code>,值为 <code>1234abc</code> 的 <code>cookie</code>,作为 <code>xsrf</code> 的 <code>token</code> 值。</p> <p>然后我们在前端发送请求的时候,就能从 cookie 中读出 <code>key</code> 为 <code>XSRF-TOKEN</code> 的值,然后把它添加到 <code>key</code> 为 <code>X-XSRF-TOKEN</code> 的请求 <code>headers</code> 中。</p> <p>至此,我们实现了 XSRF 的自动防御的能力,下节课我们来实现 ts-axios 对上传和下载请求的支持。</p></div></div> <div class="page-edit"><div class="edit-link"><a href="https://github.com/heBody/blog/edit/master/docs/《TypeScript 从零实现 axios》/10.ts-axios 更多功能实现/02.XSRF 防御.md" target="_blank" rel="noopener noreferrer">编辑</a> <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></div> <div class="tags"><a href="/blog/tags/?tag=TypeScript" title="标签">#TypeScript</a></div> <div class="last-updated"><span class="prefix">上次更新:</span> <span class="time">2022/12/14, 19:36:42</span></div></div> <div class="page-nav-wapper"><div class="page-nav-centre-wrap"><a href="/blog/pages/5dce43eba796a2ab/" class="page-nav-centre page-nav-centre-prev"><div class="tooltip">withCredentials</div></a> <a href="/blog/pages/1376fd897809036e/" class="page-nav-centre page-nav-centre-next"><div class="tooltip">上传和下载的进度监控</div></a></div> <div class="page-nav"><p class="inner"><span class="prev">
  91. <a href="/blog/pages/5dce43eba796a2ab/" class="prev">withCredentials</a></span> <span class="next"><a href="/blog/pages/1376fd897809036e/">上传和下载的进度监控</a>→
  92. </span></p></div></div></div> <div class="article-list"><div class="article-title"><a href="/blog/archives/" class="iconfont icon-bi">最近更新</a></div> <div class="article-wrapper"><dl><dd>01</dd> <dt><a href="/blog/pages/922650/"><div>
  93. Git修改分支名
  94. <!----></div></a> <span class="date">08-11</span></dt></dl><dl><dd>02</dd> <dt><a href="/blog/pages/55f894/"><div>
  95. CSS给table的tbody添加滚动条
  96. <!----></div></a> <span class="date">06-29</span></dt></dl><dl><dd>03</dd> <dt><a href="/blog/pages/829589/"><div>
  97. 我做了一个手写春联小网页,祝大家虎年暴富
  98. <span class="title-tag">
  99. 原创
  100. </span></div></a> <span class="date">01-28</span></dt></dl> <dl><dd></dd> <dt><a href="/blog/archives/" class="more">更多文章&gt;</a></dt></dl></div></div></main></div> <div class="footer"><div class="icons"><a href="mailto:30363811@qq.com" title="发邮件" target="_blank" class="iconfont icon-youjian"></a><a href="https://github.com/heBody" title="GitHub" target="_blank" class="iconfont icon-github"></a><a href="https://music.163.com/#/playlist?id=755597173" title="听音乐" target="_blank" class="iconfont icon-erji"></a></div>
  101. Theme by
  102. <a href="https://github.com/xugaoyi/vuepress-theme-vdoing" target="_blank" title="本站主题">Vdoing</a>
  103. | Copyright © 2019-2022
  104. <span>Evan Xu | <a href="https://github.com/heBody/blob/master/LICENSE" target="_blank">MIT License</a></span></div> <div class="buttons"><div title="返回顶部" class="button blur go-to-top iconfont icon-fanhuidingbu" style="display:none;"></div> <div title="去评论" class="button blur go-to-comment iconfont icon-pinglun" style="display:none;"></div> <div title="主题模式" class="button blur theme-mode-but iconfont icon-zhuti"><ul class="select-box" style="display:none;"><li class="iconfont icon-zidong">
  105. 跟随系统
  106. </li><li class="iconfont icon-rijianmoshi">
  107. 浅色模式
  108. </li><li class="iconfont icon-yejianmoshi">
  109. 深色模式
  110. </li><li class="iconfont icon-yuedu">
  111. 阅读模式
  112. </li></ul></div></div> <!----> <!----> <!----></div><div class="global-ui"><div></div></div></div>
  113. <script src="/blog/assets/js/app.b419507c.js" defer></script><script src="/blog/assets/js/2.602aac03.js" defer></script><script src="/blog/assets/js/191.f19beada.js" defer></script>
  114. </body>
  115. </html>