Describe web/Zalewski本/第4章 here.

Hypertext Markup Language

Note at the end: A Note on Cross-Site Request Forgery (p. 84)

{{{
On all types of cross-domain navigation, the browser will transparently include any ambient credentials; consequently, to the server, a request legitimately originating from its own client-side code will appear roughly the same as a request originating from a rogue third-party site, and it may be granted the same privileges.
}}}

{{{
Applications that fail to account for this possibility when processing any sensitive, state-changing requests are said to be vulnerable to "cross-site request forgery" (XSRF or CSRF).
}}}
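The point of the quoted note, as an added example that is not taken from the book: two constructed requests carry the same ambient session cookie, so a handler that authorizes on the cookie alone cannot tell them apart, while a handler that also requires a session-bound token can. The session-bound token is one common defence and is an assumption here, as are the handler names, the session store and the request layout.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret (constructed)
SESSIONS = {"sid-alice": "alice"}      # constructed session store: cookie -> user


def csrf_token(session_id: str) -> str:
    """Token bound to the session; a third-party site cannot read or compute it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_naive(request: dict) -> str:
    """Authorizes a state-changing request on the ambient cookie alone."""
    user = SESSIONS.get(request["cookies"].get("session"))
    if user is None:
        return "401 not logged in"
    return f"200 changed email for {user}"


def handle_checked(request: dict) -> str:
    """Also requires the session-bound token in the request body."""
    session_id = request["cookies"].get("session")
    user = SESSIONS.get(session_id)
    if user is None:
        return "401 not logged in"
    supplied = request["form"].get("csrf_token", "")
    expected = csrf_token(session_id)
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return "403 missing or invalid CSRF token"
    return f"200 changed email for {user}"


# Constructed requests. The browser attaches the same cookie to both.
own_page = {
    "cookies": {"session": "sid-alice"},
    "form": {"email": "alice@example.org", "csrf_token": csrf_token("sid-alice")},
}
cross_site = {
    "cookies": {"session": "sid-alice"},   # ambient credential, sent automatically
    "form": {"email": "other@example.net"},  # no token: the other origin cannot read it
}

if __name__ == "__main__":
    for name, req in (("own page", own_page), ("cross-site", cross_site)):
        print(f"{name:10s} naive: {handle_naive(req)} | checked: {handle_checked(req)}")
```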