Cross Site Request Forgery (CSRF)
=================================

A Cross Site Request Forgery or CSRF (pronounced *see surf*) is an attack on an authenticated user where the user's existing session on a website is tricked into performing an action (e.g. a purchase, a transfer, or profile update).

.. note:: CSRF is also sometimes called XSRF.

Some HTML elements cause the browser to send requests to other domains. For example, a ``
Notice that there is a small JavaScript snippet to automatically submit the form element.
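Why a server accepts such an auto-submitted form, and how a per-session token (the synchronizer-token pattern) lets it refuse one, shown as an added example that is not part of the original page or of any particular framework. The handlers, the ``sid`` cookie, the ``csrf_token`` field and the sample requests are all hypothetical and constructed for illustration.

```javascript
// Added example (not from the original page); every name here is hypothetical.
const crypto = require("crypto");

// Constructed session store: session id -> account state and a per-session token.
const sessions = new Map([
  ["sess-alice", { email: "alice@example.com",
                   csrfToken: crypto.randomBytes(32).toString("hex") }],
]);

// Vulnerable: the session cookie alone authorizes the state change, and the
// browser attaches that cookie (absent SameSite restrictions) even when a page
// on another site submitted the form.
function updateEmailVulnerable(req) {
  const session = sessions.get(req.cookies.sid);
  if (!session) return { status: 401 };
  session.email = req.body.email;
  return { status: 200 };
}

// Constant-time comparison that also rejects missing or wrong-length values.
function tokensMatch(expected, supplied) {
  if (typeof supplied !== "string") return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(supplied);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Hardened: the form must also carry the per-session token. A page on another
// origin cannot read the token, so it cannot include it in the form it submits.
function updateEmailHardened(req) {
  const session = sessions.get(req.cookies.sid);
  if (!session) return { status: 401 };
  if (!tokensMatch(session.csrfToken, req.body.csrf_token)) return { status: 403 };
  session.email = req.body.email;
  return { status: 200 };
}

// Constructed requests; both carry the same session cookie.
function sameSiteFormPost() {
  const { csrfToken } = sessions.get("sess-alice");
  return { cookies: { sid: "sess-alice" },
           body: { email: "alice@new.example", csrf_token: csrfToken } };
}
function crossSiteFormPost() {
  return { cookies: { sid: "sess-alice" }, body: { email: "other@other.example" } };
}
```

The cross-site request is indistinguishable from a legitimate one in ``updateEmailVulnerable`` because both present the same cookie; only the token check in ``updateEmailHardened`` separates them.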