Token-Based Authentication Mechanism for Web Backends
http://www.cnblogs.com/xiekeli/p/5607107.html
An In-Depth Understanding of the OAuth 2.0 Protocol
http://blog.csdn.net/seccloud/article/details/8192707
Understanding OAuth 2.0
http://www.ruanyifeng.com/blog/2014/05/oauth_2_0.html
A Summary of Two Cross-Site Attacks: XSS and CSRF
https://blog.tonyseek.com/post/introduce-to-xss-and-csrf/#id4
A Brief Discussion of XSS & CSRF
http://www.jianshu.com/p/dda0c97967a5
A Brief Summary of OAuth 2.0
http://mranderson.me/?p=36
Cross-Origin Resource Sharing (CORS) Explained in Detail
http://www.ruanyifeng.com/blog/2016/04/cors.html