Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery is a type of web app vulnerability that forces users to execute unwanted actions when authenticated to an application.

Preventing cross-site attacks using same-site cookies explains how Dropbox's engineering team rolled out their same-site cookie defense that augments other CSRF protections for users.
Securing your site like it's 1999 covers many common web application vulnerabilities including Cross-Site Request Forgery issues.

Plushcap, by Matt Makai. 2021-2026.