CSRF
ELI5 — The Vibe Check
CSRF (Cross-Site Request Forgery) is when a bad website hijacks your logged-in session on a good website to do things you didn't ask for. Your browser helpfully sends the good site's cookies with every request to it, even one the bad site triggered, and CSRF exploits that helpfulness. The fix is a secret token that only pages served by your real app can read, so the bad site can't include it in the request it forges.
Real Talk
CSRF forces an authenticated user's browser to send a state-changing request (transfer money, change an email address, delete a record) that the user never intended. It exploits the browser's implicit trust model: cookies for a site are attached automatically, whichever page started the request, so the target server cannot tell a forged cross-site request from a legitimate one by the session cookie alone. Mitigations include per-session CSRF tokens that the server checks on every state-changing request, the SameSite cookie attribute (Strict, or Lax with the caveat that Lax cookies are still sent on top-level GET navigations, so state-changing actions must not be reachable via GET), and requiring a custom request header, which works because a cross-origin request carrying a custom header triggers a CORS preflight that the attacker's origin will not pass. Note that CORS by itself is not a CSRF defence: a plain cross-site form POST is delivered with cookies before any CORS check applies.
When You'll Hear This
"CSRF attack forged a bank transfer using the victim's session." / "The CSRF token mismatch blocked the forged request."
Related Terms
CORS
CORS (Cross-Origin Resource Sharing) is how your backend tells the browser which other origins may read its responses; without it the same-origin policy stops random websites from reading API responses made using the vis...
Cross-Site Request Forgery (CSRF)
CSRF tricks your browser into making requests to another site while you're logged in.
Session Hijacking
Session hijacking is when an attacker steals your session cookie or token and impersonates you.
Token
In AI-land, a token is a chunk of text — roughly 3/4 of a word.
XSS
XSS stands for Cross-Site Scripting. Hackers inject their own JavaScript into your site so when other users visit, the evil script runs in their browser.