Get full access to Security with Go and 60K+ other titles, with a free 10-day trial of O'Reilly.

There are also live events, courses curated by job role, and more.

CSRF tokens

Cross-Site Request Forgery, or CSRF, tokens are a way of trying to prevent one website from taking action on your behalf against a different website.

CSRF is a common attack where a victim will visit a website with malicious code embedded that tries to make a request to a different site. For example, a malicious actor embeds JavaScript that makes a POST request to every bank website attempting to transfer $1,000 to the attacker's bank account. If the victim has an active session with one of those banks, and the bank does not implement CSRF tokens, the bank's website may accept the request and process it.

It is possible to be the victim of a CSRF attack even on a trusted site, if the trusted site is vulnerable to either reflective ...

Get Security with Go now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Don’t leave empty-handed

Get Mark Richards’s Software Architecture Patterns ebook to better understand how to design components—and how they should interact.

It’s yours, free.

Get it now

Check it out now on O’Reilly

Dive in for free with a 10-day trial of the O’Reilly learning platform—then explore all the other resources our members count on to build skills and solve problems every day.

Start your free trial Become a member now