Y
Hacker News
new
|
ask
|
show
|
jobs
by
hdhzy
3329 days ago
JS can't (that protects against stealing the token) but the server still receives it even when the request originates from foreign domain. That's the gist of CSRF [0].
[0]:
https://en.wikipedia.org/wiki/Cross-site_request_forgery