However, requests can be triggered to the server-side code from anywhere - not just the client-side
code we write. This is one of the most powerful aspects of how internet is designed: it allows
linking between sites. But it is also the cause of a common security flaw, cross-site request
forgery (CSRF).