Code Safari

Chapter 96·Intermediate

CSRF Explained: How a Random Site Can Act as You — and How to Stop It

The core

CSRF rides your login without stealing it.

The attacker never sees your password or session. They just get your browser to fire a request at a site you're logged into — and the browser attaches your cookies automatically.
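The mechanism above as a toy model, added here as an illustration and not taken from the original page. The origins, session ID, and function names are constructed. The Origin check and SameSite=Strict cookie are standard defenses assumed for the example, shown next to a handler that trusts the cookie alone.

```javascript
// Toy model (constructed): no real browser, network, or framework involved.
const SITE = "https://bank.example";               // hypothetical target site
const SESSIONS = new Map([["sid-123", "alice"]]);  // constructed session store

// Browser model: the cookie jar is keyed by destination origin, so the cookie
// is attached no matter which page initiated the request. A SameSite=Strict
// cookie is withheld when the initiator differs (simplified to an origin
// comparison; real browsers compare sites, i.e. registrable domains).
function browserSend(initiator, jar, url, method) {
  const dest = new URL(url).origin;
  const cookie = jar[dest];
  const crossSite = initiator !== dest;
  const headers = { origin: initiator };
  if (cookie && !(crossSite && cookie.sameSite === "Strict")) {
    headers.cookie = cookie.value;
  }
  return { method, url, headers };
}

// Handler that trusts the session cookie alone.
function cookieOnlyHandler(req) {
  const user = SESSIONS.get(req.headers.cookie);
  return user ? `transfer executed as ${user}` : "401 not logged in";
}

// Handler that also requires state-changing requests to come from its own origin.
function originCheckedHandler(req) {
  if (req.method !== "GET" && req.headers.origin !== SITE) {
    return "403 cross-origin request rejected";
  }
  return cookieOnlyHandler(req);
}

// Same forged request against each configuration, plus one legitimate request.
function demo() {
  const jar = { [SITE]: { value: "sid-123", sameSite: "None" } };
  const strictJar = { [SITE]: { value: "sid-123", sameSite: "Strict" } };
  const other = "https://random.example"; // constructed third-party page
  const url = SITE + "/transfer";
  return {
    forgedCookieOnly: cookieOnlyHandler(browserSend(other, jar, url, "POST")),
    forgedOriginChecked: originCheckedHandler(browserSend(other, jar, url, "POST")),
    forgedStrictCookie: cookieOnlyHandler(browserSend(other, strictJar, url, "POST")),
    legitOriginChecked: originCheckedHandler(browserSend(SITE, strictJar, url, "POST")),
  };
}
console.log(demo());
```

The cookie-only handler cannot tell the forged request from a real one because both arrive with the same session cookie; the other three results show where each defense cuts in.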
