Tip: CSRF is generally pronounced either letter by letter or as sea surf.

How does a CSRF attack work?

The attack involves the attacker creating a website that contains a way of making a request to another website.


JavaScript offers ways to trigger such a request automatically, without the visitor doing anything.

Because of this, the computer that actually sends the CSRF request is the victim's.

Unfortunately, this means that the request is made with all of the permissions that the victim has.

In practice, these permissions are your session and authentication tokens for the target website.

Your browser automatically includes these credentials in any request it makes to that site.

CSRF attacks are somewhat complex to arrange.

The attacker also needs to craft a request that performs the desired action on the target site.

To prevent CSRF issues, the best thing you can do is include a CSRF token in your forms and check it on the server.
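The check described above, as an added example that is not part of the original article: a minimal handler that trusts the session cookie alone, beside one that also requires a per-session CSRF token. The in-memory session store, the request dictionaries and the "transfer" action are all constructed for the demonstration.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> per-session CSRF token.
SESSIONS = {}


def issue_csrf_token(session_id: str) -> str:
    """Create (or reuse) an unguessable token bound to this session.

    The site renders it into its own forms as a hidden field; a page on
    another origin cannot read it, so a forged request cannot include it.
    """
    token = SESSIONS.get(session_id)
    if token is None:
        token = secrets.token_urlsafe(32)
        SESSIONS[session_id] = token
    return token


def handle_transfer_vulnerable(request: dict) -> str:
    """Vulnerable: trusts the session cookie alone. The browser attaches
    that cookie to any request, including one triggered by another site."""
    if request.get("cookie_session") not in SESSIONS:
        return "401 not logged in"
    return "200 transfer done"


def handle_transfer_protected(request: dict) -> str:
    """Hardened: additionally requires the session's CSRF token in the
    form body and compares it in constant time."""
    expected = SESSIONS.get(request.get("cookie_session"))
    if expected is None:
        return "401 not logged in"
    submitted = str(request.get("form", {}).get("csrf_token", ""))
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return "403 csrf token missing or invalid"
    return "200 transfer done"


def demo() -> tuple:
    """Run a forged and a legitimate request through both handlers."""
    token = issue_csrf_token("sess-victim")
    # Request built by the target site's own form: cookie plus token.
    legit = {"cookie_session": "sess-victim",
             "form": {"csrf_token": token, "amount": "100"}}
    # Request triggered from the attacker's page: the browser still adds
    # the cookie, but the attacker's page could never learn the token.
    forged = {"cookie_session": "sess-victim", "form": {"amount": "100"}}
    return (handle_transfer_vulnerable(forged),
            handle_transfer_protected(forged),
            handle_transfer_protected(legit))
```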