Open
Description
in the Chinese version “understanding-csrf”
original article:
As noted above, if you don't support CORS and your APIs are strictly JSON, there is absolutely no point in adding CSRF tokens to your AJAX calls.
Inaccurate:
正如上面提到的,如果你不支持CORS并且你的API是传输的严格的JSON, 绝没可能在你的AJAX 调用中加入CSRF token。
better:
正如上面提到的,如果你不支持CORS并且你的API是传输的严格的JSON, 在你的AJAX 调用中加入CSRF token 是毫无意义的。
Metadata
Metadata
Assignees
Labels
No labels