Cross-Site Request Forgery (CSRF)
Victims are tricked into executing actions unwillingly on web applications they are authenticated to. Some of those actions are
- changing the password
- changing the email address
- changing the user role
- creating an account
- transferring money
Synchronizer Token Pattern (STP)
This pattern includes a secret, unique and unpredictable token in each state-changing request, which is then validated by the server against the copy it stored in the user's session.
Set the session cookie's "SameSite" attribute to "Strict" so the browser strips it from all cross-site requests.
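The two defenses above, STP and a SameSite=Strict session cookie, as an added example that is not part of the original notes; it assumes a plain dict as the server-side session and a constructed "change password" endpoint:

```python
import hmac
import secrets
from typing import Optional, Tuple

TOKEN_BYTES = 32  # 256 bits of entropy; assumed value for this example


def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) the per-session synchronizer token.

    The token is kept server-side in the session and embedded in every
    state-changing form as a hidden field; an attacker's page cannot read
    it because of the same-origin policy.
    """
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(TOKEN_BYTES)
    return session["csrf_token"]


def validate_csrf(session: dict, submitted: Optional[str]) -> bool:
    """True only if the submitted token matches the session's copy.

    compare_digest avoids a timing side channel; a missing token on
    either side is a hard failure.
    """
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def session_cookie_header(name: str, value: str) -> str:
    """Build a Set-Cookie header with SameSite=Strict (plus Secure and
    HttpOnly) so the browser omits the cookie from cross-site requests."""
    return f"{name}={value}; Path=/; Secure; HttpOnly; SameSite=Strict"


def handle_change_password(session: dict, form: dict) -> Tuple[int, str]:
    """Constructed state-changing endpoint: reject requests without a
    valid token before touching any state."""
    if not validate_csrf(session, form.get("csrf_token")):
        return 403, "CSRF token missing or invalid"
    session["password_changed"] = True
    return 200, "password changed"


if __name__ == "__main__":
    session = {}
    token = issue_csrf_token(session)
    print(handle_change_password(session, {"csrf_token": token}))  # 200
    print(handle_change_password({"csrf_token": token}, {}))       # 403
    print(session_cookie_header("sid", "abc123"))
```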