问题
When CSRF is enabled and a web page has multiple forms, will all the forms have the same csrf token or each form has a unique csrf token?
If this is framework dependent, then how does it work in the context of spring security?
回答1:
CSRF is not associated with form or something but to associated with each request.
Each individual request contains new csrf token.
来源:https://stackoverflow.com/questions/64422918/csrf-token-on-a-web-page-with-multiple-forms