Cross Site Request Forgery is a malicious attack to exploit a website's trust in a user's browser.

- Stackoverflow.com Wiki
2 articles, 0 books.

After toiling with Cross-Site Request Forgery on the web for, well, forever really, we finally have a proper solution. No technical burden on the site owner, no difficult implementation, it's trivially simple to deploy, it's Same-Site Cookies.


There is a widespread misconception that having a CAPTCHA in place protects against CSRF. In most cases, this is incorrect at best and dangerous at worst. CAPTCHA does not prevent CSRF – here’s why.