Shulou(Shulou.com)06/01 Report--

Most people do not understand the knowledge points of this article "what are the security vulnerabilities of jquery", so the editor summarizes the following content, detailed content, clear steps, and has a certain reference value. I hope you can gain something after reading this article. Let's take a look at this article "what are the security vulnerabilities of jquery?"

1. Check the ORIGIN header

According to OWASP, this is not enough, but it is recommended:

Although it is easy to spoof any header from your own browser, it is usually not possible in a CSRF attack except through a XSS vulnerability. This is why checking headers is a reasonable first step in CSRF defense, but because they don't always exist, they can't usually be considered as adequate defenses alone.

Origin headers are thought to help prevent JSON data embezzlement and CSRF attacks. The information provided by Origin (some context request creation information) should provide a hint to the Web server about the credibility of the request […]

Check that the HTTP_ORIGIN title can be written as:

Header ('Content-Type: application/json')

If (isset ($_ SERVER ['HTTP_ORIGIN'])) {

$address=' http://'. $_ SERVER ['SERVER_NAME']

If (strpos ($address, $_ SERVER ['HTTP_ORIGIN'])! = 0) {

Exit (json_encode ([

Error'= > 'Invalid Origin header:'. $_ SERVER ['HTTP_ORIGIN']

]))

}

} else {

Exit (json_encode (['error'= >' No Origin header']))

}

1. (II) check the REFERER header

If there is no Origin header

Make sure that the hostname in the Referer header matches the source of the site Checking referrals is a common way to prevent CSRF on embedded network devices because it does not require every user status. This CSRF mitigation method is also commonly used for unauthenticated requests […]

Using to check, HTTP_REFERER is also very simple in PHP $_ SERVER ['HTTP_REFERER'], which you can use to update the above code.

Be sure to always do a real check: don't just check example.com or _ api.example.com, not the complete

The source of the class of _ api.example.com.hacker.com to deceive this check.

two。 Generate CSRF tokens

In short, a clear answer to a specific explanation for PHP has been given:

Generate tokens:

Session_start ()

If (empty ($_ SESSION ['csrf_token'])) {

$_ SESSION ['csrf_token'] = bin2hex (random_bytes (32))

}

Add it to the generated view through meta (for example, Github):

Set up the jQuery ajax call to include this token:

$.ajaxSetup ({

Headers: {

'CsrfToken': $(' metaAsia [name = "csrf-token"]'). Attr ('content')

}

})

The server checks your AJAX request:

Session_start ()

If (empty ($_ SESSION ['csrf_token'])) {

$_ SESSION ['csrf_token'] = bin2hex (random_bytes (32))

}

Header ('Content-Type: application/json')

$headers=apache_request_headers ()

If (isset ($headers ['CsrfToken'])) {

If ($headers ['CsrfToken']! = = $_ SESSION [' csrf_token']) {

Exit (json_encode (['error'= >' Wrong CSRF token.']))

}

} else {

Exit (json_encode (['error'= >' No CSRF token.']))

}

Most PHP frameworks have their own CSRF implementations, based more or less on the same principle.

The above is the content of this article on "what are the security vulnerabilities of jquery". I believe we all have a certain understanding. I hope the content shared by the editor will be helpful to you. If you want to know more about the relevant knowledge, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.