[Network] 50. Cookies and tokens are both stored in the header, so why is the token not hijacked? #987

Open
qiilee opened this issue Feb 24, 2020 · 1 comment

Comments


qiilee commented Feb 24, 2020

No description provided.


HYzoro commented Oct 14, 2020

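When the browser sends a request, it does not automatically attach the token, whereas cookies are automatically attached whenever the browser sends a request.

CSRF exploits exactly this behavior, so a token can defend against CSRF, while a cookie cannot.

JWT itself is only concerned with the security of the request; it is not concerned with the security of the token itself.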
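
The behavior described in the comment above, as an added example that is not part of the original thread: a constructed model of which credentials accompany a same-site and a cross-site request, and how a cookie-based and a bearer-token check on the server respond. All function names, the `*.example` sites and the sample session and token values are assumptions made for illustration; the example goes slightly beyond the comment by also modelling the `SameSite=Strict` cookie attribute.

```javascript
// Constructed model of credential attachment; not a real browser or HTTP stack.
// buildRequest, authCookie, authBearer, simulate and the *.example sites are hypothetical.
const SESSIONS = new Map([['sid-123', 'alice']]); // server-side session store
const TOKENS = new Map([['tok-abc', 'alice']]);   // stands in for JWT verification

// Headers of a state-changing request issued by a page on pageSite to targetSite.
function buildRequest({ pageSite, targetSite, jar, storage }) {
  const headers = {};
  const crossSite = pageSite !== targetSite;
  // The browser attaches cookies according to the target site, whichever page
  // started the request. SameSite=Strict withholds them on cross-site requests.
  const cookies = (jar[targetSite] || [])
    .filter((c) => !(crossSite && c.sameSite === 'Strict'))
    .map((c) => `${c.name}=${c.value}`);
  if (cookies.length) headers.cookie = cookies.join('; ');
  // A token is sent only if page script adds it, and script can read only
  // the storage of its own origin (modelled here per site).
  const token = (storage[pageSite] || {}).token;
  if (token) headers.authorization = `Bearer ${token}`;
  return headers;
}

function authCookie(headers) {
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(headers.cookie || '');
  return m ? SESSIONS.get(m[1]) || null : null;
}

function authBearer(headers) {
  const m = /^Bearer (.+)$/.exec(headers.authorization || '');
  return m ? TOKENS.get(m[1]) || null : null;
}

// Who each scheme authenticates, for a same-site and a cross-site request.
function simulate(sameSite) {
  const jar = { 'bank.example': [{ name: 'sid', value: 'sid-123', sameSite }] };
  const storage = { 'bank.example': { token: 'tok-abc' } }; // other.example holds none
  const own = buildRequest({ pageSite: 'bank.example', targetSite: 'bank.example', jar, storage });
  const foreign = buildRequest({ pageSite: 'other.example', targetSite: 'bank.example', jar, storage });
  return {
    ownCookie: authCookie(own), ownBearer: authBearer(own),
    foreignCookie: authCookie(foreign), foreignBearer: authBearer(foreign),
  };
}

console.log(simulate('None'), simulate('Strict'));
```

With `SameSite=None` the cross-site request still authenticates through the cookie but never through the bearer header; with `SameSite=Strict` the cookie is withheld as well.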
