Preparation for Recitation 24
Read the paper on Cross-Site Request Forgery.
Please answer the following question:
1. What does an attacker take advantage of in a CSRF attack? (Perhaps consider an example where Alice is authenticated into her bank account in one tab of her browser and she is browsing a forum in another tab. How might an attacker interact with Alice on the forum to perform a CSRF attack if the bank website does not have any protection?)
2. How can using the Origin Header in requests prevent CSRF attacks?