Preventing Cross-Site Request Forgery (CSRF)

The last step that we'll take in this section to protect our users' data is to add protection against a common attack vector known as Cross-Site Request Forgery, or CSRF. CSRF is an attack that forces an end user to execute unwanted actions on a web app in which they're currently authenticated.
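
One common way to add this protection is a per-session CSRF token that the server checks on every state-changing request. The following is an added example, not code from this course; the names `login`, `csrf_token_for`, `handle`, the `_csrf` form field and the in-memory session store are assumptions for illustration. It shows that a valid session cookie alone is not enough to perform an action.

```python
import hashlib
import hmac
import secrets

# Constructed for this example: a server-side key and an in-memory session store.
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {}  # session id -> user name

# Methods that must never change state, so they need no token.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def login(user):
    """Create a session; the browser sends this id in a cookie on every request."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user
    return sid


def csrf_token_for(sid):
    """Token bound to one session; placed only in forms the app itself renders."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def handle(method, session_cookie, form):
    """Return an HTTP-style status code for a request."""
    if session_cookie not in SESSIONS:
        return 401  # not authenticated at all
    if method in SAFE_METHODS:
        return 200
    supplied = form.get("_csrf", "")
    expected = csrf_token_for(session_cookie)
    # Compare as bytes in constant time so the token is not leaked via timing.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403  # cookie was valid, but the request did not carry our token
    return 200
```

A request that arrives with the user's cookie but without the token gets a 403, because the browser attaches cookies automatically while the token has to be read from a page the app served to that user.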

> For an overview of how a CSRF attack works, see [this page](https://www.owasp.org/index...