Cross-Site Request Forgery
SMRTR summary
Cross-Site Request Forgery (CSRF) is an attack in which a victim's browser is made to send requests to a website without the victim's knowledge, carrying the victim's cookies for that site. The vulnerability arises when an attacker tricks a user into issuing an unauthorized state-changing request to a trusted site on which the user is authenticated. Countermeasures include CSRF tokens, Origin header checks, SameSite cookies, and Fetch metadata headers. For modern applications, the recommended protection strategy relies primarily on the Sec-Fetch-Site header, available in all major browsers since 2023, with Origin header checks as a fallback.
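The strategy summarised above, as an added example that is not part of the original article: a server-side filter for state-changing requests that decides on Sec-Fetch-Site when the browser sends it and falls back to comparing the Origin header against the application's own origin otherwise. Header values and the origin `https://app.example` are constructed for the example.

```python
"""CSRF request filter: Sec-Fetch-Site first, Origin header as the fallback."""

# Methods that must never change state, so they are exempt from the check.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def csrf_check(method: str, headers: dict, allowed_origin: str) -> tuple[bool, str]:
    """Return (allowed, reason) for one incoming request.

    `headers` is a plain dict of request headers (case-insensitive lookup);
    `allowed_origin` is this application's own origin, e.g. "https://app.example".
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method, no check needed"

    h = {k.lower(): v for k, v in headers.items()}

    # 1. Fetch metadata: the browser states where the request came from and the
    #    value cannot be set by page script. "same-origin" is our own pages;
    #    "none" is a user-initiated navigation (typed URL, bookmark).
    #    "same-site" (another subdomain) and "cross-site" are rejected.
    site = h.get("sec-fetch-site")
    if site is not None:
        if site in ("same-origin", "none"):
            return True, f"sec-fetch-site={site}"
        return False, f"rejected: sec-fetch-site={site}"

    # 2. Fallback for clients without Fetch metadata: the Origin header must
    #    equal our own origin exactly. A missing Origin or the literal "null"
    #    (sandboxed/opaque origin) is rejected rather than trusted.
    origin = h.get("origin")
    if origin is None:
        return False, "rejected: no sec-fetch-site and no origin"
    if origin.lower() == allowed_origin.lower():
        return True, "origin matches"
    return False, f"rejected: origin mismatch ({origin})"


def run_samples() -> list[bool]:
    """Evaluate a set of constructed requests against https://app.example."""
    own = "https://app.example"
    samples = [
        ("POST", {"Sec-Fetch-Site": "cross-site", "Origin": "https://evil.example"}),
        ("POST", {"Sec-Fetch-Site": "same-origin"}),
        ("POST", {"Origin": "https://app.example"}),      # older browser, no Fetch metadata
        ("POST", {"Origin": "null"}),
        ("POST", {}),
        ("GET", {"Sec-Fetch-Site": "cross-site"}),         # safe method, allowed
    ]
    return [csrf_check(m, hdrs, own)[0] for m, hdrs in samples]
```

Plug `csrf_check` in before any state-changing handler runs; the reason string is what you would log for detection of rejected cross-site attempts.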
SMRTR provides this summary for quick context. The original article belongs to Hacker News.