# CSRF Protection

Prevent Cross-Site Request Forgery attacks on your web application.

## When to Use

- Implementing forms that change state
- Building APIs consumed by browsers
- Setting up session cookies
- Reviewing authentication flows
- Any state-changing POST/PUT/DELETE requests

## How CSRF Works

## Protection Methods

### 1. SameSite Cookies (Primary Defense)

SameSite Options:

| Value | Behavior |
|-------|----------|
| `Strict` | Cookie never sent cross-site |
| `Lax` | Sent on top-level navigation (default) |
| `None` | Always sent (requires Secure) |

### 2. CSRF Tokens (Defense in Depth)

### 3. Double Submit Cookie Pattern

### 4. Cu…