14 · Shipping & Collaboration

CSRF

Cross-Site Request Forgery

A trick where a malicious page makes your browser call a site where you are already logged in. Defenses include anti-CSRF tokens and careful cookie rules.

Concrete example

A hidden form on an evil page that submits “transfer money” to your bank while you are logged in.

Why it matters

Matters whenever cookie-based auth can mutate state.