在我的Django管理站点中,我运行了一个漏洞测试,它显示了以下威胁:
An effective CSRF (Cross-Site Request Forgery) countermeasure for forms is to
include a hidden field with a random value specific to the user's current session.
A form was detected that did not appear to contain an anti-CSRF token.
This form was tested for susceptibility to a CSRF attack and determined to be vulnerable.
我检查我的管理页面;那里已经设置了CSRF。在
自动化工具通常会对Django的CSRF保护给出误报。Django安全团队会收到许多这样的无效报告。在
相关问题 更多 >
编程相关推荐