Cross-site request processing method, device and electronic equipment

A cross-site request processing method, applied in the field of communications, that addresses the problems of request parameters being easy to intercept and forge, being limited by URL length, and being unusable in some scenarios.

Active Publication Date: 2020-05-29
ALIBABA GRP HLDG LTD

AI Technical Summary

Problems solved by technology

However, because the request is cross-domain, a CSRF token cannot be embedded in the page when submitting data to the web server (using an HTML form) as in a traditional web application. For some write-operation scenarios, such as a user initiating a transfer, using JSONP directly therefore carries a greater security risk.
In addition, JSONP requests can only be submitted with GET, so parameters can only be written in the URL, where they are easy to intercept and forge. They are also limited by the length of the URL, so JSONP cannot be used in some scenarios with relatively large request bodies.
[0003] If the Asynchronous JavaScript and XML (AJAX) protocol is used to transmit data, the same-origin restriction means there is no way to initiate a cross-domain request. For example, the page a.taobao.com/a.html cannot use AJAX to access services under the b.taobao.com domain name.


Examples


Embodiment 1

[0044] Based on the above idea of cross-site request processing, Figure 3 shows flowchart 1 of the cross-site request processing method according to the embodiment of the present invention, which can be carried out by the cross-site request processing device 230 shown in Figure 2. As shown in Figure 3, the cross-site request processing method includes the following steps:

[0045] S310. Obtain a cross-site request initiated from the service processing page in the browser, where the cross-site request is used to obtain service data from a target address different from the address that initiates the cross-site request.

[0046] Here, a cross-site request in this solution means that the originating address of the page request and the target address do not have the same origin. The cross-site request may be a request of a data transmission protocol including JSONP or cross-origin resource sharing ...

Embodiment 2

[0064] Figure 5 shows flowchart 3 of the cross-site request processing method according to the embodiment of the present invention. In this embodiment, a bridging page is embedded in the business processing page to convert the cross-site request into a same-origin request with the same origin as the target address and to send that same-origin request to the server of the target address. As shown in Figure 5, the cross-site request processing method includes the following steps:

[0065] S510. Load at least one iframe tag in the business processing page, and load a bridging page with the same origin as the target address in the iframe tag.

[0066] When the business processing page is initialized in the browser, the business processing page additionally loads an iframe through the pre-set JavaScript library, and a bridging page with the same origin as the target address of the cross-site request is loaded in the ifra...

Embodiment 3

[0081] Figure 6 shows structure diagram 1 of the cross-site request processing device according to the embodiment of the present invention. The device can be set in the cross-site request processing system shown in Figure 2 and is used to perform the method steps shown in Figure 3. It comprises:

[0082] The cross-site request acquisition module 610 is used to acquire the cross-site request initiated from the business processing page in the browser, and the cross-site request is used to obtain business data from a target address different from the address that initiated the cross-site request;

[0083] The request conversion module 620 is configured to convert the cross-site request into a same-origin request with the same origin as the target address, and to carry in the same-origin request a check token for preventing cross-site request forgery;

[0084] Same-origin request sending module 630, configured to send the same-origin...

Abstract

The embodiment of the invention provides a cross-site request processing method, device and electronic equipment. The method comprises: obtaining a cross-site request initiated from a business processing page in a browser, the cross-site request being used to obtain business data from a target address that is different from the address where the cross-site request is initiated; converting the cross-site request into a same-origin request with the same origin as the target address, and carrying in the same-origin request a verification token for preventing cross-site request forgery; sending the same-origin request to a server of the target address, so that the server processes the same-origin request based on the verification token; and receiving the processing result fed back by the server together with a newly generated verification token, feeding the processing result back to the business processing page, and replacing the currently used verification token with the newly generated one. According to the scheme of the embodiment of the invention, cross-site request services can be processed while effectively preventing CSRF.
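The token flow from the abstract and the bridging page of Embodiment 2 can be modelled without a browser. The following is an added example, not code from the patent; the function names, the postMessage-style `{ origin, data }` event, the allowlist of parent origins and the delivery of the first token with the bridging page are all assumptions made for illustration.

```javascript
// Added illustration, not the patent's code. Models the flow without a DOM.
const { randomBytes, timingSafeEqual } = require('crypto');

const newToken = () => randomBytes(16).toString('hex');

// Server at the target address: checks the token, then issues a fresh one.
function createTargetServer() {
  let current = newToken();
  return {
    // Assumption: the first token is delivered together with the bridging page.
    initialToken: () => current,
    handle(req) {
      const got = Buffer.from(String(req.token));
      const want = Buffer.from(current);
      if (got.length !== want.length || !timingSafeEqual(got, want)) {
        return { status: 403, body: null, newToken: null };
      }
      current = newToken(); // each token is accepted once
      return { status: 200, body: { received: req.body }, newToken: current };
    },
  };
}

// Bridging page (same origin as the target), loaded in the iframe.
function createBridge(server, allowedParents) {
  let token = server.initialToken();
  return {
    // `event` mimics a postMessage MessageEvent: { origin, data }.
    onMessage(event) {
      // Assumption: only known business pages may drive the bridge.
      if (!allowedParents.includes(event.origin)) {
        return { status: 403, body: null };
      }
      const res = server.handle({ body: event.data, token });
      if (res.newToken) token = res.newToken; // replace the token in use
      return { status: res.status, body: res.body };
    },
  };
}
```

The bridge returns only the status and body to the parent page, so the verification token never leaves the target origin; a request replaying an earlier token is rejected because the server rotates the token on every accepted request.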

Description

Technical field

[0001] The present application relates to the technical field of communications, and in particular to a cross-site request processing method, device and electronic equipment.

Background technique

[0002] Cross-site request forgery (CSRF) is a malicious exploitation of a website: it uses a trusted website to carry out a malicious attack on a target address by disguising requests as coming from a trusted user. In the cross-domain data access business of mainstream browsers, JSONP is used as the data transmission protocol in many scenarios. However, because the request is cross-domain, a CSRF token cannot be embedded in the page when submitting data to the web server (using an HTML form) as in a traditional web application. For some write-operation scenarios, such as a user initiating a transfer, using JSONP directly therefore carries a greater security risk. In addition, JSONP requests can only be submitted with GET, so parameters can ...


Application Information

IPC(8): H04L29/06, H04L9/32
CPC: H04L63/1483, H04L63/0807, H04L9/3213
Inventor 吕翔韩双虎
Owner ALIBABA GRP HLDG LTD