geo*_*per 5 php cookies codeigniter
我在资产控制器中有此代码来获取图像:
function images($path,$image_name)
{
$image = "../assets/images/$path/$image_name";
if (file_exists ($image) && (is_file($image))) {
$name = $image_name;
} else {
}
$file = getimagesize($image);
$filesize = filesize($image);
$time_cache = 360000000000;
$ts = gmdate("D, d M Y H:i:s", time() + $time_cache) . " GMT";
header("Content-Type: {$file['mime']}\n");
header("Content-disposition: inline; filename=\"$name\"\n");
header("Content-Length: $filesize\n");
header("Expires: $ts");
header("Pragma: cache");
header("Cache-Control: max-age=$time_cache");
readfile ($image);
}
我已将 csrf 保护设置为truein,config/config.php file并且每个对图像的请求都带有Set-Cookie标头。因此 csrf-cookie 可以在某些页面上多次设置。这是否值得担心,如果是,是否有办法防止这种情况发生?
我设法做到了这一点header_remove("set-cookie");
所以代码看起来像这样
header("Content-Type: {$file['mime']}\n");
header("Content-disposition: inline; filename=\"$name\"\n");
header("Content-Length: $filesize\n");
header("Expires: $ts");
header("Pragma: cache");
header("Cache-Control: max-age=$time_cache");
header_remove("set-cookie");
readfile ($image);