用AppScan扫描java web项目出来CSRF跨站点请求伪造漏洞,这个该怎么写代码解决呢。网上的方法谁有具体例子
1个回答
展开全部
过滤器
//HTTP头设置 Referer过滤
String referer =request2.getHeader("Referer"); //REFRESH
if(referer!=null&& referer.indexOf(basePath)<0){
request2.getRequestDispatcher(request2.getRequestURI()).forward(request2,response);
}
3.Autocomplete HTML Attribute Not Disabled for Password Field
修复任务: Correctly set the"autocomplete" attribute to "off"
密 码:
<inputname="userinfo.userPwd" type="password" autocomplete = "off"/>
//HTTP头设置 Referer过滤
String referer =request2.getHeader("Referer"); //REFRESH
if(referer!=null&& referer.indexOf(basePath)<0){
request2.getRequestDispatcher(request2.getRequestURI()).forward(request2,response);
}
3.Autocomplete HTML Attribute Not Disabled for Password Field
修复任务: Correctly set the"autocomplete" attribute to "off"
密 码:
<inputname="userinfo.userPwd" type="password" autocomplete = "off"/>
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
推荐律师服务:
若未解决您的问题,请您详细描述您的问题,通过百度律临进行免费专业咨询
