Security

Protection against CSRF attacks

Wikipedia: "Cross-site request forgery (also known as CSRF or XSRF) is a method of malicious website attack, often confused (partly because of the simultaneous use of both methods) with cross-site scripting (XSS), or considered its subset. The users who fall prey to CSRF unknowingly transmit forged requests to the server. In contrast to XSS attacks, CSRF attacks are not directed at the websites and do not necessarily change their content. In this case the hacker's aim is to use the permissions to execute an operation, which would otherwise require the victim's authorization."