Django Book Translation
Original:
In the previous example, ``example.com`` was partially at fault because it allowed a state change (i.e., logging the user out) to be requested via the HTTP ``GET`` method. It's much better practice to require an HTTP ``POST`` for any request that changes state on the server. But even Web sites that require ``POST`` for state-changing actions are vulnerable to CSRF.
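Translation:
In the previous example, ``example.com`` should bear part of the responsibility, because it allowed a state change (i.e., logging in and logging out) via the HTTP ``GET`` method. Things would be much better if state changes on the server were required to use the HTTP ``POST`` method. However, even mandating the ``POST`` method for state-changing operations still leaves a site vulnerable to CSRF attacks.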
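The paragraph's point, shown from the server side as an added example (not from the Django Book and not Django's own CSRF implementation): a handler that only requires ``POST`` accepts any request carrying the session cookie, while one that also checks a per-session form token rejects a submission that lacks it. The session store, handler names and the ``csrf_token`` field name are hypothetical.

```python
import hmac
import secrets

SESSIONS = {}  # constructed in-memory store: session id -> CSRF token

def login():
    """Create a session; the token is embedded only in the site's own forms."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = secrets.token_urlsafe(32)
    return sid, SESSIONS[sid]

def post_only(method, cookies, form):
    """State change gated on POST plus the session cookie, nothing else."""
    if method != "POST":
        return 405
    return 200 if cookies.get("sessionid") in SESSIONS else 403

def post_with_token(method, cookies, form):
    """State change gated on POST plus a form token bound to the session."""
    if method != "POST":
        return 405
    expected = SESSIONS.get(cookies.get("sessionid"))
    supplied = form.get("csrf_token", "")
    # Compare as bytes in constant time; bytes also tolerate non-ASCII input.
    if expected is None or not hmac.compare_digest(
            expected.encode(), supplied.encode()):
        return 403
    return 200  # the state change (e.g. logout) would happen here

def demo():
    sid, token = login()
    cookies = {"sessionid": sid}  # the browser attaches this to every request
    same_site = {"csrf_token": token}  # submitted from the site's own form
    cross_site = {}  # submitted from another origin: cookie sent, no token
    return {
        "get": post_with_token("GET", cookies, same_site),
        "post_only_cross_site": post_only("POST", cookies, cross_site),
        "token_cross_site": post_with_token("POST", cookies, cross_site),
        "token_wrong": post_with_token("POST", cookies, {"csrf_token": "é"}),
        "token_same_site": post_with_token("POST", cookies, same_site),
    }

if __name__ == "__main__":
    print(demo())
```

In a Django project the equivalent check is provided by the framework's CSRF middleware and the ``{% csrf_token %}`` template tag rather than hand-written code like this.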