CSRF

Tricking a logged-in user's browser into a state-changing request.

Web security

What is CSRF?

Cross-Site Request Forgery (CSRF) abuses the fact that a browser automatically attaches your cookies to any request to a site you are logged into. A malicious page can therefore make your browser POST to your bank or admin panel in the background. The standard defences are anti-CSRF tokens and SameSite cookies that stop the cookie riding along on cross-site requests.
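The following Python sketch is an added illustration, not part of the original entry: it models both defences named above, a per-session anti-CSRF token checked on the state-changing POST, and a simplified model of the browser's SameSite cookie rule. The `Session` class, `handle_transfer`, the `/transfer` form and the user names are constructed for this example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Session:
    user: str
    # One unpredictable token per login, stored server-side with the session.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))

def session_cookie(session_id: str, same_site: str = "Lax") -> str:
    """Set-Cookie value for the session cookie; SameSite limits cross-site sending."""
    return f"session={session_id}; HttpOnly; Secure; Path=/; SameSite={same_site}"

def browser_sends_cookie(same_site: str, cross_site: bool, method: str) -> bool:
    """Simplified model of the browser's SameSite rule: Strict never sends the
    cookie cross-site, Lax only on top-level GET navigations, None always."""
    if not cross_site or same_site == "None":
        return True
    return same_site == "Lax" and method == "GET"

def transfer_form_html(session: Session) -> str:
    """The legitimate page embeds the session's token as a hidden field."""
    return ('<form method="POST" action="/transfer">'
            f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'
            '<input name="to"><input name="amount"><button>Send</button></form>')

def handle_transfer(session: Optional[Session], form: dict) -> tuple:
    """Server side: a state-changing POST must carry the token bound to the session."""
    if session is None:
        return 401, "no session cookie"
    # Constant-time compare so a wrong token cannot be narrowed down byte by byte.
    if not hmac.compare_digest(form.get("csrf_token", ""), session.csrf_token):
        return 403, "csrf token missing or invalid"
    return 200, f"{session.user} sent {form['amount']} to {form['to']}"

def demo() -> dict:
    alice = Session("alice")
    legit = handle_transfer(alice, {"csrf_token": alice.csrf_token, "to": "bob", "amount": "10"})
    # A cross-site page can make the browser POST with alice's cookie attached, but it
    # cannot read her token, so the token check rejects the request.
    forged = handle_transfer(alice, {"to": "mallory", "amount": "9999"})
    # With SameSite=Lax the browser withholds the cookie on the cross-site POST,
    # so the server never sees a session at all.
    cookie = alice if browser_sends_cookie("Lax", cross_site=True, method="POST") else None
    lax_forged = handle_transfer(cookie, {"to": "mallory", "amount": "9999"})
    return {"legit": legit[0], "forged": forged[0], "lax_forged": lax_forged[0]}
```

Running `demo()` returns 200 for the legitimate request, 403 for the forged POST that arrives with the cookie but no token, and 401 when SameSite=Lax keeps the cookie off the cross-site POST altogether.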