使用Java對csrf漏洞進行修復,具體方法如下:
package referer;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class RefererServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=UTF-8");
String header = request.getHeader("Referer");
//String domainName = null;
String[] domain = { "localhost", "test.localhost", "admin.localhost" };
boolean key=false;
for (int i = 0; i < domain.length; i++) {
if (header != null && header.startsWith("http://" + domain[i]) && header.endsWith(domain[i])) {
key=true;
}
}
if(key==true) {
response.getWriter().write("成功讀到打到數據");
}else{
response.getWriter().write("非法請求");
}
}
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request, response);
}
}