loading
loading
Cross-site request forgery: tricking a logged-in browser into submitting an unwanted request.
CSRF abuses cookies that are automatically sent with requests. Mitigations include same-site cookies, CSRF tokens, and checking request origins.
Plainly
Think of CSRF as the lock and rules that keep people and data safe. Cross-site request forgery: tricking a logged-in browser into submitting an unwanted request.
In practice
Use it when a workflow touches secrets, permissions, user data, payments, or untrusted input. In practice, define the owner, input, output, and failure mode before you rely on it.