CSRF

acronym

web devsecurity

Stands for: Cross-Site Request Forgery

An attack that tricks a logged-in user's browser into making an unwanted request.

Cross-Site Request Forgery abuses the fact that browsers attach cookies automatically: a malicious page can cause your authenticated browser to perform an action you did not intend. Anti-CSRF tokens and same-site cookies are the usual defences.

Also known as: csrf, xsrf, cross-site request forgery, sea-surf

All glossary entries