A CSRF attack occurs when a user is tricked into interacting with
a page or script on a third-party site that generates a malicious request
to your site. All your server will see is an HTTP request from an
authenticated user. However, an attacker takes control over the form of the
data sent in the request to cause mischief.