What a Cross-Site Request Forgery Attack Is and How to Prevent It

What a Cross-Site Request Forgery Attack Is and How to Prevent It

https://dzone.com/articles/what-a-cross-site-request-forgery-attack-is-and-ho?utm_medium=feed&utm_source=feedpress.me&utm_campaign=Feed%3A+dzone

When you are browsing a website, it is typical for that website to request data from another website on your behalf. For example, in most cases, a video that is shown on a website is not typically stored on the website itself. The video appears to be on the website but it is actually being embedded from video streaming websites such as youtube.com. That’s how Content Delivery Networks (CDNs), which are used to deliver content faster, work. Many websites store scripts, images, and other bandwidth-hungry resources on CDNs, so when you are browsing them the images and script files are downloaded from a CDN source near you rather than from the website itself. While all the above use cases are necessary for a good browsing experience, they might also be a source of a security problem, because the website you are browsing can request your web browser to retrieve data from another website without your consent. If such requests are not handled correctly, an attacker can launch a Cross-Site Request Forgery attack.

0 views