Why do most examples of CSRF use roundabout ways of executing an API call instead of just using pure Javascript?
When I see examples of CSRF attacks, it is almost always explained with someone entering some external API url in an <img> tag, e.g. <img src="bank.com/transfer?amount=10000?recipient=badguy">. Or it involves a form w… Continue reading Why do most examples of CSRF use roundabout ways of executing an API call instead of just using pure Javascript?