# Cross-Site Request Forgery (CSRF)

### What is Cross-Site Request Forgery (CSRF)?

Cross-Site Request Forgery (CSRF), also known as XSRF, is a type of security vulnerability that occurs when a malicious website, email, or program causes a user's web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.

### How Does CSRF Work?

The attack works by embedding a link, form, or script in a page the victim visits that sends a request to a site where the user is already authenticated. Because the browser automatically attaches the user's session credentials to that request, the site trusts it as the user's own and cannot distinguish the attacker-initiated request from a legitimate one.

### Example of a CSRF Attack

Imagine a situation where a user is logged into their bank's website and they navigate to a different site that contains a hidden form designed to transfer money from the user's account to the attacker’s account without the user's knowledge.

### Preventing CSRF Attacks

To protect against CSRF attacks, websites use anti-CSRF tokens: a random token is generated, embedded in the form or request, and verified by the server with each request. SameSite cookie attributes and properly configured CORS policies also help mitigate CSRF risk.

```javascript
// WARNING: This is an example of what NOT to do as it's a security risk.
// Do NOT use this code in any production environment.

// Simulated malicious JavaScript that could be used in a CSRF attack
var xhr = new XMLHttpRequest();
xhr.open("POST", "http://www.examplebank.com/transfer", true);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.withCredentials = true;
var requestBody = "amount=1000&destinationAccount=attacker";
xhr.send(requestBody);
```

```html
<!-- Example of an HTML form that could be used in a CSRF attack -->
<!-- WARNING: This is for educational purposes only. -->
<html>
  <body>
    <h1>You've won a prize! Click the button to claim!</h1>
    <form action="http://www.examplebank.com/transfer" method="POST">
      <input type="hidden" name="amount" value="1000" />
      <input type="hidden" name="destinationAccount" value="attacker" />
      <input type="submit" value="Claim Prize!" />
    </form>
  </body>
</html>
```

```javascript
// Example CSRF token implementation snippet
// Include this in a secure, server-side application only.
const crypto = require('crypto');

// Generate a CSRF token
function generateCsrfToken(session) {
  // Token should be large and random to prevent guessing attacks
  const token = crypto.randomBytes(64).toString('hex');
  // Store the CSRF token in the user's session for validation of subsequent requests
  session.csrfToken = token;
  return token;
}
```

```html
<!-- Inject the CSRF token as a hidden field in a form -->
<form action="/process" method="post">
  <!-- Assuming `csrfToken` is available in the template context -->
  <input type="hidden" name="_csrf" value="<%= csrfToken %>">
  <!-- The rest of your form fields go here -->
</form>
```
