English
English
With the continuous development of network technologies, network security risks have also increased. Cross-Site Request Forgery (CSRF) attacks have become one of the major threats faced by current internet applications. This article introduces the basic principles of CSRF attacks, common defense methods, and further explains how to implement these defenses, with relevant code examples.
CSRF attacks exploit authenticated sessions to perform malicious operations. Attackers trick users into clicking on malicious links or visiting harmful websites, causing them to unknowingly send forged requests. Once a user is logged in and authenticated on a trusted website, the browser automatically includes the corresponding credentials when sending a request, allowing attackers to impersonate the user and send requests to perform malicious actions.
Same-origin check is one of the common methods to defend against CSRF attacks. It compares the origin and target address of the request to determine its legitimacy. The server verifies whether the source domain and target domain are consistent; if they do not match, the request is rejected.
@RequestMapping("/transfer")
public String transferMoney(HttpServletRequest request) {
String origin = request.getHeader("Referer");
String target = request.getServerName();
if (!origin.equals(target)) {
return "Illegal Request";
}
// Business logic...
return "Transfer Successful";
}
Adding a CSRF Token is another common defense method. When the server returns the HTML page, it generates a unique token and embeds it in a form or sends it as a cookie to the client. When the form is submitted, the token is sent to the server. The server then verifies whether the token matches. If they do not match, the request is rejected.
@RequestMapping("/transfer")
public String transferMoney(HttpServletRequest request, @RequestParam("csrfToken") String csrfToken) {
HttpSession session = request.getSession();
String storedToken = (String) session.getAttribute("csrfToken");
if (!csrfToken.equals(storedToken)) {
return "Invalid Token";
}
// Business logic...
return "Transfer Successful";
}
Asynchronous requests, using technologies like AJAX, allow requests to be sent to the server without refreshing the page. This makes CSRF attacks more difficult to block. Therefore, for sensitive operations, it is better to use synchronous requests to establish a more reliable session with the server.
In backend services, the Referer header of the request can be used to verify whether the source of the request is legitimate. If the request source does not match the target, the request is rejected.
@RequestMapping("/transfer")
public String transferMoney(HttpServletRequest request) {
String origin = request.getHeader("Referer");
String target = request.getServerName();
if (!origin.equals(target)) {
return "Illegal Request";
}
// Business logic...
return "Transfer Successful";
}
When sending the HTML page to the frontend, generate a unique token and embed it in the form or send it as a cookie to the client. When the frontend submits the request, the token is sent to the server, and the server verifies if the token matches to determine the legitimacy of the request.
@RequestMapping("/transfer")
public String transferMoney(HttpServletRequest request, @RequestParam("csrfToken") String csrfToken) {
HttpSession session = request.getSession();
String storedToken = (String) session.getAttribute("csrfToken");
if (!csrfToken.equals(storedToken)) {
return "Invalid Token";
}
// Business logic...
return "Transfer Successful";
}
CSRF attacks are a common and harmful attack method, but through effective defense strategies, the security of applications can be enhanced. This article introduced two common defense methods: same-origin check and CSRF Token. It also provided implementation examples of these methods. Developers should choose appropriate defense strategies based on the specific situation and implement them correctly to ensure user data security.
