RepairYour.Tech
security en

Cross-site request forgery

security

Also called: CSRF

Plain-language definition

Plain-language definition

An attack that tricks a signed-in browser into sending an unwanted request.

Why it matters

CSRF protection prevents another site from silently changing account or payment settings.

Technical detail

Cross-site request forgery abuses ambient credentials such as cookies when a state-changing endpoint does not verify request origin or an unpredictable CSRF token.

Examples

  • A malicious page attempts to submit a payout-change form using the victim’s active session.

Sources and review

Reviewed July 12, 2026 by e2e-1783854138445-0citu53rtqqe@test.repairyour.tech. Next review due January 11, 2027.

  1. Cross Site Request Forgery — OWASP Foundation Accessed 7/11/2026

See something we should improve?

Suggest a correction to “Cross-site request forgery.” Suggestions are reviewed before the published definition changes.

Press ? for shortcuts