Promptles
Security

CSRF (Cross-Site Request Forgery)

intermediate

Definition

An attack that abuses the fact that you're already logged into a site. A different, sneaky page tricks your browser into sending a request to that trusted site on your behalf. And the site thinks it's you, because your login is still valid.

In the wild

You're logged into your bank in one browser tab. In another tab, you visit a sketchy website that quietly submits a 'transfer money' request to your bank. Because you're still signed in, the bank treats the request as coming from you and tries to send the money. CSRF protections are designed to catch and block exactly this trick.

More from Security