Understanding CSRF: Why Cookies Aren't Enough
The Problem
Imagine you're logged into bank.com. While browsing the web, you visit evil.com, which contains this innocent-looking link:
Win a Free iPhone!
When you click, your browser sends the request to bank.com with your authentication cookies a...
andersonleite.com
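The situation described above, seen from the server side, as an added example that is not code from the original article: a handler that trusts the cookie alone accepts a request started from evil.com, while one that also requires a per-session token and the expected Origin rejects it. The `sid` cookie, the `x-csrf-token` header, the `https://bank.com` origin and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Hypothetical names throughout (sid cookie, x-csrf-token header).
// Constructed session store: session id -> user and per-session CSRF token.
const sessions = new Map();
function login(user) {
  const sid = crypto.randomBytes(16).toString('hex');
  const csrfToken = crypto.randomBytes(32).toString('hex');
  sessions.set(sid, { user, csrfToken });
  return { sid, csrfToken };
}

function sessionFrom(req) {
  const m = /(?:^|;\s*)sid=([0-9a-f]+)/.exec(req.headers.cookie || '');
  return m ? sessions.get(m[1]) : undefined;
}

// Constant-time comparison; a length mismatch is a plain failure.
function sameToken(a, b) {
  const x = Buffer.from(String(a || ''));
  const y = Buffer.from(String(b || ''));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// "Before": the cookie alone authorizes the state change.
function transferCookieOnly(req) {
  return sessionFrom(req) ? 200 : 401;
}

// "After": the cookie identifies the user, but the request must also carry
// a value another site cannot read, and come from the expected origin.
// Assumes a POST endpoint, for which browsers send the Origin header.
function transferWithCsrfCheck(req) {
  const s = sessionFrom(req);
  if (!s) return 401;
  if (req.headers.origin !== 'https://bank.com') return 403;
  if (!sameToken(req.headers['x-csrf-token'], s.csrfToken)) return 403;
  return 200;
}

// Constructed requests, as the server sees them.
function demo() {
  const { sid, csrfToken } = login('alice');
  const cookie = `sid=${sid}`; // attached automatically by the browser
  const crossSite = { headers: { cookie, origin: 'https://evil.com' } };
  const sameSite = { headers: { cookie, origin: 'https://bank.com', 'x-csrf-token': csrfToken } };
  return { cookieOnlyCrossSite: transferCookieOnly(crossSite),
           checkedCrossSite: transferWithCsrfCheck(crossSite),
           checkedSameSite: transferWithCsrfCheck(sameSite) };
}
```
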