Cross-Site Request Forgery (CSRF) is when your browser gets tricked into doing something, like submitting a form using your login, without you knowing.
It works because browsers send your cookies automatically, even if the request comes from another site. That means an attacker can abuse your login to perform actions on your behalf.
Best way to stop it?
Use CSRF tokens, set SameSite on cookies, and don’t trust requests just because the user’s logged in.
It works because browsers send your cookies automatically, even if the request comes from another site. That means an attacker can abuse your login to perform actions on your behalf.
Best way to stop it?
Use CSRF tokens, set SameSite on cookies, and don’t trust requests just because the user’s logged in.
