{"id":248399,"date":"2020-12-31T22:27:20","date_gmt":"2020-12-31T14:27:20","guid":{"rendered":"http:\/\/4563.org\/?p=248399"},"modified":"2020-12-31T22:27:20","modified_gmt":"2020-12-31T14:27:20","slug":"%e8%af%b7%e6%95%99%e5%89%8d%e7%ab%af%e5%ae%89%e5%85%a8%e9%97%ae%e9%a2%98%ef%bc%9a%e5%89%8d%e7%ab%af-cookie-%e8%ae%be%e7%bd%ae-httponlytrue-%e7%a6%81%e6%ad%a2-js-%e8%af%bb%e5%8f%96%e5%b0%b1%e7%bb%9d","status":"publish","type":"post","link":"http:\/\/4563.org\/?p=248399","title":{"rendered":"\u8bf7\u6559\u524d\u7aef\u5b89\u5168\u95ee\u9898\uff1a\u524d\u7aef Cookie \u8bbe\u7f6e httpOnly=true \u7981\u6b62 JS \u8bfb\u53d6\u5c31\u7edd\u5bf9\u5b89\u5168\u5417"},"content":{"rendered":"<div>\n<div>\n<div>\n<h1>                  \u8bf7\u6559\u524d\u7aef\u5b89\u5168\u95ee\u9898\uff1a\u524d\u7aef Cookie \u8bbe\u7f6e httpOnly=true \u7981\u6b62 JS \u8bfb\u53d6\u5c31\u7edd\u5bf9\u5b89\u5168\u5417               <\/h1>\n<p> <\/p>\n<div>\n<div> <span>\u8cc7\u6df1\u5927\u4f6c : bojue <\/span>  <span><i><\/i> 4<\/span> <\/div>\n<div> <\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div isfirst=\"1\">                        \u8bbe\u7f6e httpOnly \u662f\u4e0d\u662f\u5c31\u53ef\u4ee5\u5728\u524d\u7aef\u9632\u6b62 Cookie \u6cc4\u9732\uff0c\u9632\u5fa1\u4f2a\u9020\u8bf7\u6c42\uff08 CSRF \uff09\u5b89\u5168\u95ee\u9898\u3002<\/p>\n<p>\u7f51\u4e0a\u67e5\u9605\u7684\u8d44\u6599\uff0c\u5728\u4e00\u4e9b\u6d4f\u89c8\u5668\u7684\u65e7\u7248\u672c\u4e0a\uff0c\u867d\u7136\u652f\u6301 httpOnly=true \u65f6\u7981\u6b62\u8bfb\u53d6 Cookie\uff0c\u4f46\u662f\u6ca1\u6709\u9884\u9632 Cookie \u7684\u5199\u5165\uff0c\u53ef\u4ee5\u901a\u8fc7\u91cd\u5199 Cookie \u8986\u76d6 httpOnly = true \u7684\u5b89\u5168\u8bbe\u7f6e[\u672a\u5c1d\u8bd5]\u3002<\/p>\n<p>\u5728\u73b0\u4ee3\u6d4f\u89c8\u5668\u73af\u5883\uff0c\u662f\u5426\u5b58\u5728\u5176\u4ed6\u65b9\u5f0f\u5bfc\u81f4\u5728\u524d\u7aef\u6cc4\u9732 Cookie      <\/p><\/div>\n<div> <b>\u5927\u4f6c\u6709\u8a71\u8aaa<\/b> (<span>8<\/span>)        <\/div>\n<div> <\/div>\n<\/p><\/div>\n<\/p><\/div>\n<ul>\n<li data-pid=\"4824380\" data-uid=\"2\">\n<div>\n<div>\n<div> <span>\u8cc7\u6df1\u5927\u4f6c : Mitt <\/span>  <\/div>\n<div> <i title=\"\u5f15\u7528\"><\/i>  <span>          <\/span> <\/div>\n<\/p><\/div>\n<div>                                                             \u53ea\u8981\u4e0d\u88ab\u4e2d\u95f4\u4eba\uff0cJS \u6295\u6bd2\u5c31\u5f88\u5b89\u5168                                                            <\/div>\n<\/p><\/div>\n<\/li>\n<li data-pid=\"4824381\" data-uid=\"2\">\n<div>\n<div>\n<div> <span>\u8cc7\u6df1\u5927\u4f6c : momocraft <\/span>  <\/div>\n<div> <i title=\"\u5f15\u7528\"><\/i>  <span>          <\/span> <\/div>\n<\/p><\/div>\n<div>                                                             \u8003\u8651\u4e00\u4e0b\u60f3 csrf \u7684\u4eba\u7684\u89c6\u89d2<\/p>\n<p>\u5fc5\u987b\u6cc4\u9732\u624d\u80fd\u4f7f\u7528\u5417? js \u4e0d\u80fd\u8bfb\u53d6\u7b49\u4e8e js \u4e0d\u80fd\u4f7f\u7528\u5417?                                                            <\/p><\/div>\n<\/p><\/div>\n<\/li>\n<li data-pid=\"4824382\" data-uid=\"2\">\n<div>\n<div>\n<div> <span>\u4e3b<\/span> <span>\u8cc7\u6df1\u5927\u4f6c : bojue <\/span>  <\/div>\n<div> <i title=\"\u5f15\u7528\"><\/i>  <span>          <\/span> <\/div>\n<\/p><\/div>\n<div>                                                             @Mitt \u4e5f\u5c31\u662f\u8bf4 httpOnly \u4e5f\u4e0d\u5b89\u5168\uff0c\u901a\u8fc7\u4ee3\u7406\u4e4b\u7c7b\u7684\u65b9\u6848\u53ef\u4ee5\u83b7\u53d6\u7ed5\u5f00 httpOnly \u7684\u8bbe\u7f6e                                                            <\/div>\n<\/p><\/div>\n<\/li>\n<li data-pid=\"4824383\" data-uid=\"2\">\n<div>\n<div>\n<div> <span>\u4e3b<\/span> <span>\u8cc7\u6df1\u5927\u4f6c : bojue <\/span>  <\/div>\n<div> <i title=\"\u5f15\u7528\"><\/i>  <span>          <\/span> <\/div>\n<\/p><\/div>\n<div>                                                             @momocraft \u4f60\u8fd9\u4e2a\u89d2\u5ea6\u5f88\u68d2\uff0c\u6bd4\u5982\u80d6\u5ba2\u6237\u7aef\u5bfc\u81f4\u8ba4\u8bc1\u4fe1\u606f\u6cc4\u9732\uff0c\u5f15\u53d1 csrf \u3002<\/p>\n<p>\u4f46\u662f\u6211\u73b0\u5728\u4e0d\u80fd\u786e\u5b9a httpOnly \u5230\u5e95\u80fd\u4e0d\u4f5c\u4e3a csrf \u7684\u4e00\u4e2a\u65b9\u6848\uff0c\u786e\u4fdd cookie \u4e0d\u88ab\u83b7\u53d6                                                            <\/p><\/div>\n<\/p><\/div>\n<\/li>\n<li data-pid=\"4824384\" data-uid=\"2\">\n<div>\n<div>\n<div> <span>\u8cc7\u6df1\u5927\u4f6c : liuxey <\/span>  <\/div>\n<div> <i title=\"\u5f15\u7528\"><\/i>  <span>          <\/span> <\/div>\n<\/p><\/div>\n<div>                                                             HttpOnly \u80fd\u9632\u6b62 XSS \u653b\u51fb\uff0c\u4f46\u5e76\u4e0d\u80fd\u89e3\u51b3 CSRF \u95ee\u9898\uff0c\u9632\u5fa1 CSRF \u5e38\u7528\u7684\u65b9\u6cd5\u662f\u9690\u85cf\u8868\u5355\u57df\u5b58 CSRF token                                                            <\/div>\n<\/p><\/div>\n<\/li>\n<li data-pid=\"4824385\" data-uid=\"2\">\n<div>\n<div>\n<div> <span>\u4e3b<\/span> <span>\u8cc7\u6df1\u5927\u4f6c : bojue <\/span>  <\/div>\n<div> <i title=\"\u5f15\u7528\"><\/i>  <span>          <\/span> <\/div>\n<\/p><\/div>\n<div>                                                             @liuxey \u8c22\u8c22\uff0c\u662f\u6211\u641e\u9519\u4e86\u8de8\u7ad9\u811a\u672c\u548c\u8bf7\u6c42\u4f2a\u9020\u7684\u6982\u5ff5                                                            <\/div>\n<\/p><\/div>\n<\/li>\n<li data-pid=\"4824386\" data-uid=\"2\">\n<div>\n<div>\n<div> <span>\u8cc7\u6df1\u5927\u4f6c : YouLMAO <\/span>  <\/div>\n<div> <i title=\"\u5f15\u7528\"><\/i>  <span>          <\/span> <\/div>\n<\/p><\/div>\n<div>                                                             httpOnly \u7981\u6b62 js \u8bfb, \u4e0d\u7981\u6b62\u53d1\u7ed9\u670d\u52a1\u5668, \u4e0d\u9884\u9632 CSRF, \u800c\u9884\u9632 xss                                                            <\/div>\n<\/p><\/div>\n<\/li>\n<li data-pid=\"4824387\" data-uid=\"2\">\n<div>\n<div>\n<div> <span>\u8cc7\u6df1\u5927\u4f6c : wunonglin <\/span>  <\/div>\n<div> <i title=\"\u5f15\u7528\"><\/i>  <span>          <\/span> <\/div>\n<\/p><\/div>\n<div>                                                             \u7b54\uff1a\u5728\u73b0\u4ee3\u6d4f\u89c8\u5668\u73af\u5883\uff0c\u8fd8\u5b58\u5728\u6253\u5f00\u63a7\u5236\u53f0\u5bfc\u81f4\u5728\u524d\u7aef\u6cc4\u9732 Cookie                                                            <\/div>\n<\/p><\/div>\n<\/li>\n<li>\n","protected":false},"excerpt":{"rendered":"<p>\u8bf7\u6559\u524d\u7aef\u5b89\u5168\u95ee\u9898\uff1a\u524d\u7aef Cooki&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"_links":{"self":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/248399"}],"collection":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=248399"}],"version-history":[{"count":0,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/248399\/revisions"}],"wp:attachment":[{"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=248399"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=248399"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=248399"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}