CSRF makes a logged-in user's browser send a request the user never intended, abusing the browser's habit of automatically attaching cookies. The real defense is CSRF tokens plus SameSite cookies. Never use GET for state changes.