However, requests can be triggered to the server-side code from anywhere -
not just the client-side code we write. This is one of the most powerful
aspects of how internet is designed: it allows linking between sites.
But it is also the cause of a common security flaw,
cross-site request forgery (CSRF).