CSRF
CSRF (Cross-Site Request Forgery) is an attack in which a logged-in user's browser is tricked into sending an unwanted request to a site the user is authenticated to. Because the browser attaches the session cookie automatically, the site cannot distinguish the forged request from a genuine one; anti-forgery tokens help prevent it.
- Mitigation: anti-forgery tokens
- Use SameSite cookies and check request headers such as Origin/Referer
- Most relevant to state-changing requests (POST/PUT/DELETE)
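The token, header and cookie mitigations above, as an added Python example that is not part of the original page; the server key, the allowed origin, the form field and cookie names are assumptions:

```python
import hashlib
import hmac
import secrets
from typing import Mapping, Optional

# Constructed server-side key; a real deployment loads it from configuration.
SERVER_KEY = secrets.token_bytes(32)
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Hypothetical origin of the application; only its own pages may submit.
ALLOWED_ORIGINS = {"https://app.example"}

def _mac(session_id: str, nonce: str, key: bytes) -> str:
    # Bind the token to the session so a token from one session is useless in another.
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def issue_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Value to embed in the form as a hidden field (or hand to same-origin scripts)."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce, key)}"

def verify_token(session_id: str, token: str, key: bytes = SERVER_KEY) -> bool:
    """True only if the token carries a valid MAC for this session."""
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False
    # Constant-time compare avoids leaking the MAC through timing.
    return hmac.compare_digest(_mac(session_id, nonce, key).encode(), mac.encode())

def check_request(method: str, headers: Mapping[str, str], session_id: str,
                  form: Mapping[str, str], key: bytes = SERVER_KEY) -> Optional[str]:
    """Return a rejection reason for a forged request, or None if it may proceed."""
    if method.upper() in SAFE_METHODS:
        return None  # Safe methods must not change state, so no token is required.
    # Strict policy: a state-changing request with no recognisable origin is rejected.
    origin = headers.get("Origin") or headers.get("Referer", "")
    if not any(origin == o or origin.startswith(o + "/") for o in ALLOWED_ORIGINS):
        return "origin mismatch"
    token = form.get("csrf_token") or headers.get("X-CSRF-Token", "")
    if not token:
        return "missing token"
    if not verify_token(session_id, token, key):
        return "invalid token"
    return None

def session_cookie(session_id: str) -> str:
    """Set-Cookie value: SameSite=Lax keeps the cookie off cross-site POSTs."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"
```

A forged cross-site form post fails the Origin check first and, even if that header were absent, fails the token check because the attacking page cannot read a token bound to the victim's session.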