http://www.cnblogs.com/libin-... You can refer to this article. The most effective way to prevent xsrf is to add custom attributes in the request header. The attribute value is the token returned by the background (generally stored in the cookie), when the backend server accepts the request from the browser, it will get the token in the request header for comparison.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
http://www.cnblogs.com/libin-...
You can refer to this article. The most effective way to prevent xsrf is to add custom attributes in the request header. The attribute value is the token returned by the background (generally stored in the cookie), when the backend server accepts the request from the browser, it will get the token in the request header for comparison.