CSRF (Cross Site Request Forgery ) is a serious security vulnerability for websites which are relying on cookies for authentication.

Browsers will send cookies belonging to a domain, no matter which website the request was made from. So if you’re authenticated on, an attacker can make malicious HTTP requests to on your behalf even when you’re browsing a completely different website.

Make sure safe methods are safe!

The CSRF protection only works on unsafe methods - DELETE, POST, PUT etc.

Make sure that safe methods (e.g. GET) are indeed safe, meaning they do not cause state to change (i.e. adding data to the database, or other side effects).