python tornado csrf跨域請求僞造

python tornado csrf跨域請求僞造

from tornado.web import RequestHandler, Application
from tornado.ioloop import IOLoop
import os


class IndexHandle(RequestHandler):
    def get(self):
        self.render('csrf.html')

    def post(self):
        uname = self.get_argument('uname')
        self.write(uname)

settings = {
    'xsrf_cookies': True
}

app = Application([
    (r'^/$', IndexHandle)], template_path=os.path.join(os.getcwd(), 'templates'), **settings)
app.listen(8000)
IOLoop.instance().start()