
CSRF (Cross-Site Request Forgery) is an attack that impersonates a trusted user and sends a website unwanted commands.


CSRF

This can be done, for example, by including malicious parameters in a URL behind a link or element that purports to go somewhere else:

```html
<img src="https://www.example.com/index.php?action=delete&id=123" />
```

For users who have modification permissions on https://www.example.com, the `<img>` element executes the action on https://www.example.com without their noticing, even though the element itself is not hosted at https://www.example.com: the browser fetches the image URL and automatically attaches the user's cookies for that site.

There are many ways to prevent CSRF, such as designing a RESTful API in which state-changing operations are never performed in response to GET requests, adding secret anti-CSRF tokens that a cross-site page cannot read, and so on.
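The two mitigations just mentioned, shown together as an added example that is not part of the original page: a simulated handler for the page's `index.php?action=delete` endpoint that refuses to delete on GET (so the `<img>` trick above cannot trigger it) and requires a per-session synchronizer token on POST. The session and request are plain dicts standing in for a real web framework.

```python
import hmac
import secrets

# Added example (not from the original page): a minimal synchronizer-token
# check. Session storage and the request form are simulated with dicts.


def issue_csrf_token(session: dict) -> str:
    """Create a random per-session token and remember it server-side.
    The token is embedded in the site's own forms; a cross-site page
    cannot read it, so a forged request cannot include it."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def is_state_changing(method: str) -> bool:
    # GET/HEAD/OPTIONS must never change state. An <img src="..."> can only
    # ever produce a GET, so keeping deletions off GET is half the defense.
    return method.upper() not in ("GET", "HEAD", "OPTIONS")


def csrf_check_passes(session: dict, method: str, form: dict) -> bool:
    """Return True if the request may proceed to its handler."""
    if not is_state_changing(method):
        return True  # nothing to protect on a safe method
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    if not expected or not supplied:
        return False
    # Constant-time comparison so the check does not leak the token via timing.
    return hmac.compare_digest(expected, supplied)


def handle_delete(session: dict, method: str, form: dict) -> str:
    """Simulated 'index.php?action=delete' handler guarded by both rules."""
    if not csrf_check_passes(session, method, form):
        return "403 Forbidden: missing or invalid CSRF token"
    if not is_state_changing(method):
        return "405 Method Not Allowed: deletions require POST"
    return f"200 OK: deleted item {form.get('id')}"
```

A forged cross-site request fails either at the method check (the `<img>` GET) or at the token check (a forged POST that cannot know the session's token); only the site's own form, carrying the token, reaches the delete.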


Updated on April 20, 2024 by Datarist.