The Problem:

  1. Man-in-the-middle attack: the attacker tricks the client into believing that the attacker's machine is the real server, or sends an email with a link that initiates a transaction on the original site.
  2. CSRF: the client's browser is tricked into sending a request that the server believes came from the intended client.
    1. Assume the user is currently logged in to “http://bank.com”.

    2. The user has also opened a malicious website, which looks similar to bank.com and has the content below.


The solution:

  1. Make it mandatory for the client to also send an additional token, which the server validates, along with every POST request.
  2. The server sends this token to the intended client in the HTTP response:
<form action="" method="post">
{# Django's csrf_token tag renders a hidden input carrying the per-session CSRF token #}
{% csrf_token %}
</form>

  3. Although this token is present in the HTML sent to the intended client, the malicious website cannot access it because of . Note: for more details check