Fetch Metadata 请求头实践：防跨站请求伪造与滥用

YBB 1 阅读 0 评论 0 点赞

概述Fetch Metadata 在每次请求中附带来源与目的信息（`Sec-Fetch-*`），后端可基于此拒绝异常来源或不期望的目的类型（如跨站导航触发的敏感 POST）。防护策略（已验证）拒绝跨站写入：当 `Sec-Fetch-Site` 为 `cross-site` 且 `Sec-Fetch-Mode` 为 `navigate`/`cors` 时拒绝敏感写操作（来源）仅允许同源 API：限制 `Sec-Fetch-Site` 为 `same-origin` 的写请求；为公开资源保留只读策略白名单：为 SSO 或可信中间层添加来源白名单与额外校验

点赞(0) 打赏

本文分类：Recovered Channel 1273
本文标签：fet h metadata 请求实践防跨站伪造滥用
浏览次数：1 次浏览
发布日期：2026-02-14 03:20:35
本文链接：http://ybb.ybb.press/recovered-1273/1218.html

评论列表共有 0 条评论

暂无评论

发表评论取消回复

微信公众账号

微信扫一扫加关注

发表
评论返回
顶部

基本文件流程错误 SQL 调试

/www/wwwroot/yebinbing/public/index.php ( 0.88 KB )
/www/wwwroot/yebinbing/thinkphp/start.php ( 0.72 KB )
/www/wwwroot/yebinbing/thinkphp/base.php ( 2.60 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Loader.php ( 21.07 KB )
/www/wwwroot/yebinbing/vendor/composer/autoload_static.php ( 10.49 KB )
/www/wwwroot/yebinbing/vendor/symfony/deprecation-contracts/function.php ( 0.98 KB )
/www/wwwroot/yebinbing/vendor/symfony/polyfill-php80/bootstrap.php ( 1.50 KB )
/www/wwwroot/yebinbing/vendor/symfony/polyfill-mbstring/bootstrap.php ( 8.26 KB )
/www/wwwroot/yebinbing/vendor/ralouphie/getallheaders/src/getallheaders.php ( 1.60 KB )
/www/wwwroot/yebinbing/vendor/guzzlehttp/guzzle/src/functions_include.php ( 0.16 KB )
/www/wwwroot/yebinbing/vendor/guzzlehttp/guzzle/src/functions.php ( 5.54 KB )
/www/wwwroot/yebinbing/vendor/symfony/polyfill-php73/bootstrap.php ( 0.99 KB )
/www/wwwroot/yebinbing/vendor/ezyang/htmlpurifier/library/HTMLPurifier.composer.php ( 0.10 KB )
/www/wwwroot/yebinbing/vendor/topthink/think-helper/src/helper.php ( 2.88 KB )
/www/wwwroot/yebinbing/vendor/fastadminnet/fastadmin-addons/src/common.php ( 15.67 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Route.php ( 60.23 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Config.php ( 6.38 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Hook.php ( 4.71 KB )
/www/wwwroot/yebinbing/vendor/overtrue/wechat/src/Kernel/Support/Helpers.php ( 2.54 KB )
/www/wwwroot/yebinbing/vendor/overtrue/wechat/src/Kernel/Helpers.php ( 1.89 KB )
/www/wwwroot/yebinbing/vendor/topthink/think-captcha/src/helper.php ( 1.94 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Validate.php ( 42.78 KB )
/www/wwwroot/yebinbing/vendor/topthink/think-queue/src/common.php ( 1.19 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Console.php ( 23.13 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Error.php ( 3.75 KB )
/www/wwwroot/yebinbing/thinkphp/convention.php ( 10.37 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/App.php ( 21.58 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Request.php ( 49.78 KB )
/www/wwwroot/yebinbing/application/config.php ( 11.96 KB )
/www/wwwroot/yebinbing/application/database.php ( 2.25 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Env.php ( 1.21 KB )
/www/wwwroot/yebinbing/application/extra/addons.php ( 1.20 KB )
/www/wwwroot/yebinbing/application/extra/apibbj.php ( 0.86 KB )
/www/wwwroot/yebinbing/application/extra/queue.php ( 0.55 KB )
/www/wwwroot/yebinbing/application/extra/site.php ( 0.89 KB )
/www/wwwroot/yebinbing/application/extra/upload.php ( 1.05 KB )
/www/wwwroot/yebinbing/application/tags.php ( 1.23 KB )
/www/wwwroot/yebinbing/application/common.php ( 15.57 KB )
/www/wwwroot/yebinbing/thinkphp/helper.php ( 17.30 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Debug.php ( 7.13 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Log.php ( 6.05 KB )
/www/wwwroot/yebinbing/addons/cms/Cms.php ( 6.48 KB )
/www/wwwroot/yebinbing/vendor/fastadminnet/fastadmin-addons/src/Addons.php ( 7.64 KB )
/www/wwwroot/yebinbing/addons/signin/Signin.php ( 2.24 KB )
/www/wwwroot/yebinbing/addons/cropper/Cropper.php ( 0.65 KB )
/www/wwwroot/yebinbing/addons/nkeditor/Nkeditor.php ( 1.35 KB )
/www/wwwroot/yebinbing/addons/prism/Prism.php ( 2.04 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Cache.php ( 6.10 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/cache/driver/File.php ( 7.27 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/cache/Driver.php ( 5.98 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/View.php ( 6.77 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/view/driver/Think.php ( 5.64 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Template.php ( 44.92 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/template/driver/File.php ( 2.24 KB )
/www/wwwroot/yebinbing/addons/cms/config.php ( 28.14 KB )
/www/wwwroot/yebinbing/application/common/behavior/Common.php ( 3.02 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Lang.php ( 7.42 KB )
/www/wwwroot/yebinbing/thinkphp/lang/zh-cn.php ( 11.81 KB )
/www/wwwroot/yebinbing/application/route.php ( 1.08 KB )
/www/wwwroot/yebinbing/vendor/fastadminnet/fastadmin-addons/src/addons/Route.php ( 3.35 KB )
/www/wwwroot/yebinbing/application/common/lang/zh-cn/addon.php ( 6.09 KB )
/www/wwwroot/yebinbing/extend/fast/Form.php ( 39.79 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/config/driver/Ini.php ( 0.83 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Url.php ( 12.72 KB )
/www/wwwroot/yebinbing/addons/cms/controller/Archives.php ( 5.85 KB )
/www/wwwroot/yebinbing/addons/cms/controller/Base.php ( 3.75 KB )
/www/wwwroot/yebinbing/vendor/fastadminnet/fastadmin-addons/src/addons/Controller.php ( 7.08 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Controller.php ( 6.07 KB )
/www/wwwroot/yebinbing/thinkphp/library/traits/controller/Jump.php ( 4.92 KB )
/www/wwwroot/yebinbing/addons/cms/lang/zh-cn.php ( 5.58 KB )
/www/wwwroot/yebinbing/application/common/library/Auth.php ( 15.50 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Cookie.php ( 8.17 KB )
/www/wwwroot/yebinbing/application/common/model/Config.php ( 6.71 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Model.php ( 69.55 KB )
/www/wwwroot/yebinbing/addons/cms/library/Service.php ( 28.97 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Db.php ( 6.67 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/db/connector/Mysql.php ( 3.89 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/db/Connection.php ( 29.97 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/db/Query.php ( 93.80 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/db/builder/Mysql.php ( 4.53 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/db/Builder.php ( 31.81 KB )
/www/wwwroot/yebinbing/addons/cms/model/Archives.php ( 22.89 KB )
/www/wwwroot/yebinbing/thinkphp/library/traits/model/SoftDelete.php ( 4.86 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/model/relation/BelongsTo.php ( 7.75 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/model/relation/OneToOne.php ( 10.03 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/model/Relation.php ( 3.61 KB )
/www/wwwroot/yebinbing/addons/cms/model/Channel.php ( 19.14 KB )
/www/wwwroot/yebinbing/addons/cms/model/Modelx.php ( 1.97 KB )
/www/wwwroot/yebinbing/addons/cms/model/Fields.php ( 3.46 KB )
/www/wwwroot/yebinbing/addons/cms/model/SpiderLog.php ( 1.75 KB )
/www/wwwroot/yebinbing/addons/cms/model/Tag.php ( 6.98 KB )
/www/wwwroot/yebinbing/addons/cms/model/Autolink.php ( 0.57 KB )
/www/wwwroot/yebinbing/application/common/model/User.php ( 4.22 KB )
/www/wwwroot/yebinbing/runtime/temp/388d6f0b5bff3196cdb77891cfa4196c.php ( 32.66 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Session.php ( 10.86 KB )
/www/wwwroot/yebinbing/extend/fast/Tree.php ( 15.55 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/model/Collection.php ( 2.27 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Collection.php ( 11.10 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/db/Expression.php ( 1.11 KB )
/www/wwwroot/yebinbing/addons/cms/model/Comment.php ( 9.37 KB )
/www/wwwroot/yebinbing/addons/cms/library/Bootstrap.php ( 5.49 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Paginator.php ( 9.94 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Response.php ( 8.28 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/debug/Html.php ( 4.17 KB )

[ BEHAVIOR ] Run Closure @app_init [ RunTime:0.000094s ]
[ CACHE ] INIT File
[ BEHAVIOR ] Run \addons\cms\Cms @app_init [ RunTime:0.009921s ]
[ BEHAVIOR ] Run Closure @app_init [ RunTime:0.010054s ]
[ BEHAVIOR ] Run app\common\behavior\Common @app_init [ RunTime:0.001544s ]
[ LANG ] /www/wwwroot/yebinbing/thinkphp/lang/zh-cn.php
[ BEHAVIOR ] Run app\common\behavior\Common @app_dispatch [ RunTime:0.000127s ]
[ ROUTE ] array ( 'type' => 'method', 'method' => array ( 0 => '\\think\\addons\\Route', 1 => 'execute', ), 'var' => array ( 'addon' => 'cms', 'controller' => 'archives', 'action' => 'index', ), )
[ HEADER ] array ( 'cf-visitor' => '{"scheme":"https"}', 'cf-ipcountry' => 'US', 'cf-connecting-ip' => '216.73.216.35', 'cdn-loop' => 'cloudflare; loops=1', 'user-agent' => 'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; [email protected])', 'accept-encoding' => 'gzip, br', 'accept' => '*/*', 'cf-ray' => '9ce656d8d8e44603-CMH', 'connection' => 'close', 'remote-host' => '104.23.243.8', 'x-forwarded-port' => '80', 'x-forwarded-host' => 'www.ybb.press', 'x-forwarded-proto' => 'http', 'x-forwarded-for' => '216.73.216.35, 104.23.243.8', 'x-real-port' => '10051', 'x-real-ip' => '104.23.243.8', 'host' => 'ybb.ybb.press', 'content-length' => '', 'content-type' => '', )
[ PARAM ] array ( 'catename' => 'recovered-1273', 'id' => '1218', )
[ RUN ] think\addons\Route->execute[ /www/wwwroot/yebinbing/vendor/fastadminnet/fastadmin-addons/src/addons/Route.php ]
[ LANG ] /www/wwwroot/yebinbing/public/../application/common/lang/zh-cn/addon.php
[ BEHAVIOR ] Run app\common\behavior\Common @addon_begin [ RunTime:0.004623s ]
[ LANG ] /www/wwwroot/yebinbing/addons/cms/lang/zh-cn.php
[ DB ] INIT mysql
[ VIEW ] /www/wwwroot/yebinbing/addons/cms/view/default/show_news.html [ array ( 0 => 'config', 1 => 'user', 2 => 'site', 3 => '__CHANNEL__', 4 => 'isWechat', 5 => '__ARCHIVES__', 6 => '__MODEL__', ) ]
[ SESSION ] INIT array ( 'id' => '', 'var_session_id' => '', 'prefix' => 'think', 'type' => '', 'auto_start' => true, )
[ BEHAVIOR ] Run \addons\cms\Cms @view_filter [ RunTime:0.000289s ]

1.959520s

ShowPageTrace