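#!/usr/bin/python
# -*- coding: UTF-8 -*-
# Captcha (verification code) and XSRF-protection demo for Tornado.
import tornado.ioloop
import tornado.web


class CrsfHandler(tornado.web.RequestHandler):
    """Serve the demo form and accept its POST.

    Because ``settings`` enables ``xsrf_cookies``, Tornado checks the
    ``_xsrf`` token on every POST to this handler before ``post`` runs and
    answers 403 when the token is missing or does not match the cookie.
    """

    def get(self, *args, **kwargs):
        """Render the form template, which embeds the XSRF token field."""
        self.render("crsf.html")

    def post(self, *args, **kwargs):
        """Reply with a fixed marker; only reached after the XSRF check passes."""
        self.write("csrf.post")


# Application-wide settings. ``xsrf_cookies`` turns on Tornado's built-in
# cross-site request forgery protection for all non-GET handlers.
settings = {
    "xsrf_cookies": True,
}


class CheckCodeHandler(tornado.web.RequestHandler):
    """Generate a captcha image and return it as a GIF."""

    def get(self):
        """Write a freshly generated captcha image to the response body."""
        import io

        # Project-local helper; its implementation is not shown on this page.
        import check_code

        mstream = io.BytesIO()
        # Create the image with the verification code drawn into it.
        img, code = check_code.create_validate_code()
        # Serialize the image object into the in-memory stream.
        img.save(mstream, "GIF")
        # self.session["CheckCode"] = code
        # NOTE(review): with the line above disabled, `code` is never kept
        # server-side, so a later POST has nothing to compare the submitted
        # captcha against. Store it in server-side session state (never in a
        # client-readable cookie or the response) before enabling this route.

        # Declare the payload type instead of relying on content sniffing, and
        # keep browsers and proxies from re-serving a stale captcha.
        self.set_header("Content-Type", "image/gif")
        self.set_header("Cache-Control", "no-store")
        # The original also print()ed the raw image bytes here; that debug
        # output is dropped because it only floods stdout on every request.
        self.write(mstream.getvalue())


class MainHandler(tornado.web.RequestHandler):
    """Render the index page."""

    def get(self):
        """Render ``index.html``."""
        self.render("index.html",)


application = tornado.web.Application([
    (r"/index", MainHandler),
    #(r"/check_code", CheckCodeHandler),
    (r"/crsf", CrsfHandler),
], **settings)

if __name__ == "__main__":
    # listen() without an address binds every interface; pass
    # address="127.0.0.1" when the demo should only be reachable locally.
    application.listen(5555)
    # IOLoop.current() replaces the deprecated IOLoop.instance() alias.
    tornado.ioloop.IOLoop.current().start()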
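<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<form action="/crsf" method="post">
    {# Emits the hidden _xsrf input; without it the POST is rejected with 403 when xsrf_cookies is enabled. #}
    {% raw xsrf_form_html() %}
    <p><input name="name" value=""></p>
    {# type="password" keeps the value masked on screen and out of form autofill history. #}
    <p><input type="password" name="pwd" value=""></p>
    <p>
        <input name="valide" value="" placeholder="验证码">
        <input type="submit" value="submit">
    </p>
</form>
<script type="text/javascript">
    // Force the browser to re-request the captcha image by changing its URL.
    function ChangeCode() {
        var code = document.getElementById('imgCode');
        // No element with id "imgCode" exists in this template as shown,
        // so guard against a null lookup instead of throwing.
        if (!code) {
            return;
        }
        code.src += '?';
    }
</script>
</body>
</html>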
使用 Ajax 时，本质上就是先读取本地的 _xsrf cookie，再把它的值作为 _xsrf 参数随 POST 请求一起发送；服务端会比对该参数与 cookie 是否一致。
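// Return the value of the cookie called `name`, or undefined when it is not set.
// `name` is spliced into a regular expression unescaped, so pass only fixed,
// literal cookie names (as postJSON does), never user-controlled text.
function getCookie(name) {
    var found = document.cookie.match("\\b" + name + "=([^;]*)\\b");
    return found ? found[1] : undefined;
}

// POST `args` to `url` with the XSRF token attached and hand the decoded JSON
// reply to `callback`. Note that `args` is modified in place: the token is
// added to it as the `_xsrf` field, which is the parameter Tornado checks
// against the `_xsrf` cookie.
jQuery.postJSON = function(url, args, callback) {
    args._xsrf = getCookie("_xsrf");
    $.ajax({
        url: url,
        data: $.param(args),
        dataType: "text",
        type: "POST",
        success: function(response) {
            // The original decoded the reply with eval("(" + response + ")"),
            // which executes whatever the response contains as script.
            // JSON.parse only parses data; it requires the server to return
            // strict JSON and throws on anything else.
            callback(JSON.parse(response));
        }
    });
};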
CSRF 及 Ajax 的 CSRF 请求
原文地址:http://www.cnblogs.com/caidapeng/p/7991914.html