Other examples of CSRF
CSRF can also happen in many other ways. In this section, we'll cover other basic examples of how CSRF can happen.
CSRF using the <img> tags
This is a classic example. Consider the following instance:
<img src="http://yousite.com/delete?id=2" />
Should you load a site that contains this img tag, your browser requests that URL automatically, and chances are that a piece of data may get deleted without your knowledge.
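The request triggered by the img tag above, replayed against a simulated delete handler and against a version that accepts deletes only as a POST carrying a CSRF token. This is an added example, not code from the original text; the handler names, the session id sid-alice and the in-memory store are assumptions constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed in-memory app state: two records and one logged-in session.
function newApp() {
  const csrfToken = crypto.randomBytes(32).toString('hex');
  return {
    records: new Map([[1, 'first'], [2, 'second']]),
    sessions: new Map([['sid-alice', { user: 'alice', csrfToken }]]),
  };
}

// Vulnerable: a state change on GET, authorised by the session cookie alone.
function vulnerableDelete(app, req) {
  if (!app.sessions.has(req.cookies.sid)) return 401;
  if (req.method !== 'GET' || req.path !== '/delete') return 404;
  app.records.delete(Number(req.query.id));
  return 200;
}

// Hardened: POST only, plus a per-session token that another site cannot read.
function hardenedDelete(app, req) {
  const session = app.sessions.get(req.cookies.sid);
  if (!session) return 401;
  if (req.path !== '/delete') return 404;
  if (req.method !== 'POST') return 405;
  const sent = Buffer.from(String(req.body.csrfToken || ''));
  const expected = Buffer.from(session.csrfToken);
  if (sent.length !== expected.length || !crypto.timingSafeEqual(sent, expected)) return 403;
  app.records.delete(Number(req.body.id));
  return 200;
}

// What a browser sends while rendering the img tag: GET, cookie attached, no token.
function imgRequest() {
  return { method: 'GET', path: '/delete', query: { id: '2' }, body: {},
           cookies: { sid: 'sid-alice' } };
}

// The site's own form submission: POST with the token issued to this session.
function legitimateRequest(app) {
  const { csrfToken } = app.sessions.get('sid-alice');
  return { method: 'POST', path: '/delete', query: {}, body: { id: '2', csrfToken },
           cookies: { sid: 'sid-alice' } };
}

for (const handler of [vulnerableDelete, hardenedDelete]) {
  const app = newApp();
  console.log(handler.name, handler(app, imgRequest()), 'record 2 kept:', app.records.has(2));
}
```

The hardened handler rejects the image request on the method check alone; the token check is what stops a cross-site form that submits a POST.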
Now that we have covered the basics of preventing CSRF attacks through the use of CSRF tokens, the next question you may have is: what if there are times when you need to expose an API to an external app? For example, Facebook's Graph API, Twitter's API, and so on, allow external apps not only to read, but also write data to their system.
How do we prevent malicious attacks in this situation? We'll cover this and more in the next section.