Django admin form can be manipulated using Cross-Site Request Forgery (CSRF)

Time: 2016-01-17 05:11:12

Tags: python django security csrf

On my Django admin site, I ran a vulnerability scan and it reported the following threat:

An effective CSRF (Cross-Site Request Forgery) countermeasure for forms is to
include a hidden field with a random value specific to the user's current session.
A form was detected that did not appear to contain an anti-CSRF token.
This form was tested for susceptibility to a CSRF attack and determined to be vulnerable.

I checked my admin page; CSRF is already set up.

1 answer:

Answer 0: (score: 0)

Automated tools often produce false positives for Django's CSRF protection. The Django security team receives many such invalid reports.
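To confirm on your own side that the scanner is wrong, it helps to check what the scanner claims: that a POST form on the page carries no anti-CSRF hidden field. Django's `{% csrf_token %}` tag (which the admin login template renders) emits a hidden input named `csrfmiddlewaretoken`, and `CsrfViewMiddleware` rejects POSTs that lack a matching value. The following added example, which is not code from the question or the answer above, scans saved HTML for POST forms that lack that field, using only the standard library. The HTML snippets are constructed for the example and are not real admin output; the form actions and the `/legacy/update/` path are made up.

```python
from html.parser import HTMLParser

# Name of the hidden input that Django's {% csrf_token %} tag renders.
CSRF_FIELD = "csrfmiddlewaretoken"


class FormTokenScanner(HTMLParser):
    """Record, for every <form> on a page, whether it carries the hidden CSRF field."""

    def __init__(self):
        super().__init__()
        self.forms = []        # one dict per form: action, method, has_token
        self._current = None   # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "action": a.get("action", ""),
                "method": (a.get("method") or "get").lower(),  # HTML default is GET
                "has_token": False,
            }
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            # A token only counts if it is a hidden field with a non-empty value.
            if ((a.get("type") or "").lower() == "hidden"
                    and a.get("name") == CSRF_FIELD
                    and a.get("value")):
                self._current["has_token"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def forms_missing_csrf(html):
    """Return the action URLs of POST forms that have no CSRF token field.

    GET forms are ignored: Django only enforces the token on unsafe methods,
    so a search form without one is not a finding.
    """
    parser = FormTokenScanner()
    parser.feed(html)
    parser.close()
    return [f["action"] for f in parser.forms
            if f["method"] == "post" and not f["has_token"]]


# Constructed sample: what a Django admin login form looks like with the token present.
ADMIN_LOGIN_HTML = """
<form action="/admin/login/" method="post" id="login-form">
  <input type="hidden" name="csrfmiddlewaretoken" value="constructedTokenValue123">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Log in">
</form>
<form action="/admin/search/" method="get">
  <input type="text" name="q">
</form>
"""

# Constructed sample: a page with one POST form that really lacks the token.
UNPROTECTED_HTML = """
<form action="/legacy/update/" method="post">
  <input type="text" name="email">
  <input type="submit">
</form>
"""

if __name__ == "__main__":
    print("admin login page, unprotected POST forms:", forms_missing_csrf(ADMIN_LOGIN_HTML))
    print("legacy page, unprotected POST forms:", forms_missing_csrf(UNPROTECTED_HTML))
```

If the admin page you fetch (while logged out, as the scanner saw it) contains the hidden field and the `csrftoken` cookie is being set, the token is there and the report is the false positive the answer describes. The check is deliberately static: it cannot see the server-side verification `CsrfViewMiddleware` performs, so an empty result here means only that the form markup is as Django renders it.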