Now I've read up on this and am aware of the cross-domain, same origin policy.
CORS does not prevent CSRF; all it does is relax the restrictions enforced by the Same Origin Policy.
Additionally, the window's content must be on the same origin as the document you're interacting with it from, or you'll be blocked by the Same Origin Policy.