Cross-Site Request Forgery
Also known as: csrf, xsrf
Tricking a logged-in user's browser into sending an unwanted authenticated request to another site.
In a CSRF attack, a page you visit silently submits a form to a different site where you're logged in — transferring money, changing an email, deleting an account. Because your browser attaches the session cookie automatically, the target site sees a legitimate request.
Mitigations include SameSite cookies (which now default to Lax in most browsers), CSRF tokens embedded in forms, and requiring re-authentication for sensitive actions.
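The following is an added example (not part of this glossary entry) showing how two of those mitigations look on the server side: a per-session CSRF token embedded in a form and verified on submission, plus a session cookie issued with `SameSite=Lax`. The site origin `https://bank.example`, the cookie and form field names, and the sample requests are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Server-wide secret for deriving CSRF tokens (constructed for this example;
# a real deployment loads a persistent key from configuration).
SECRET_KEY = secrets.token_bytes(32)

# The site's own origin, compared against Origin/Referer (assumed value).
SITE_ORIGIN = "https://bank.example"

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session_id: str) -> str:
    """Derive a per-session synchronizer token: HMAC-SHA256(secret, session_id)."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for the session. SameSite=Lax keeps the browser from
    attaching it to cross-site POSTs; Secure and HttpOnly harden it further."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


def render_change_email_form(session_id: str) -> str:
    """Embed the token as a hidden field; only a page we served can know it."""
    token = issue_csrf_token(session_id)
    return (
        '<form method="post" action="/change-email">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input type="email" name="email"><button>Save</button></form>'
    )


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as a web framework presents it."""
    method: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def csrf_check(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason) for a request.

    Safe methods pass; a session is required; when Origin (or Referer) is
    present it must be ours; and the submitted token must match the session's.
    """
    if req.method.upper() in SAFE_METHODS:
        return True, "safe method"
    session_id = req.cookies.get("session")
    if not session_id:
        return False, "no session cookie"
    origin = req.headers.get("Origin")
    if origin is None and "Referer" in req.headers:
        # Reduce the Referer URL to scheme://host for comparison.
        origin = "/".join(req.headers["Referer"].split("/", 3)[:3])
    if origin is not None and origin != SITE_ORIGIN:
        return False, f"cross-site origin {origin}"
    submitted = req.form.get("csrf_token", "")
    if not hmac.compare_digest(issue_csrf_token(session_id), submitted):
        return False, "missing or invalid csrf token"
    return True, "ok"


# Constructed sample requests; the victim's browser holds session "s-victim".
SESSION = "s-victim"

# 1. Legitimate submission from the form we rendered ourselves.
legit = Request("POST",
                headers={"Origin": SITE_ORIGIN},
                cookies={"session": SESSION},
                form={"csrf_token": issue_csrf_token(SESSION),
                      "email": "me@example.net"})

# 2. Cross-site submission: the browser attached the cookie automatically,
#    but the other site could not read our token, so the field is absent.
forged = Request("POST",
                 headers={"Origin": "https://attacker.example"},
                 cookies={"session": SESSION},
                 form={"email": "other@example.net"})

# 3. Same, with no Origin header at all and a guessed token: the token
#    comparison still rejects it.
forged_no_origin = Request("POST",
                           cookies={"session": SESSION},
                           form={"csrf_token": "0" * 64,
                                 "email": "other@example.net"})

if __name__ == "__main__":
    for name, r in [("legit", legit), ("forged", forged),
                    ("forged_no_origin", forged_no_origin)]:
        print(name, csrf_check(r))
```

The token is derived from the session id with a server secret, so it needs no extra storage and cannot be produced by a party that does not hold the secret; `hmac.compare_digest` keeps the comparison constant-time. The Origin/Referer check is a cheap first layer, but the token check is the one that holds even when those headers are missing, which is why the two are layered rather than used alone.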
