
Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) is a security threat where an attacker tricks a logged-in user into unintentionally performing actions on a website without their consent. It exploits the trust a website has in the user's browser: the browser automatically attaches the user's session cookie to requests sent to that site, even when another site triggered them. For example, if you’re logged into your bank and visit a malicious site, that site could send unauthorized commands to transfer money, using your authenticated session. To prevent this, websites use security measures like tokens to confirm requests genuinely come from the user, safeguarding against unwanted actions initiated by malicious sites.