<Under construction>

CSRF: Cross-site request forgery occurs when an attacker makes a request to your server while posing as someone else. Since the server doesn't know whether the request is really coming from the logged-in user, the attacker can make requests like <delete_user> and do serious damage.

To solve this, each user is assigned a CSRF token, which is sent to the frontend. A bad actor can't use it, since the CSRF token is created using a SECRET_KEY that lives on the server. Now, when forms are submitted, the CSRF token is checked as well.

If it's not found, an error is thrown instead of proceeding, which is the case when a bad actor makes a request.
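
The flow described above, as an added example (not code from this page or from any particular framework): the server signs a per-session token with SECRET_KEY, and the form handler rejects any submission without a valid one. The token format, the session binding, and the names `issue_csrf_token`, `verify_csrf_token` and `handle_delete_user` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed value for this example; a real SECRET_KEY is loaded from
# server-side configuration and never sent to the frontend.
SECRET_KEY = b"example-only-secret-key"


class CSRFError(Exception):
    """Raised when a state-changing request carries no valid CSRF token."""


def _sign(session_id: str, nonce: str) -> str:
    # HMAC ties the token to one session; without SECRET_KEY it cannot be recomputed.
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Build the token the server sends to the frontend (e.g. a hidden form field)."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_sign(session_id, nonce)}"


def verify_csrf_token(session_id: str, token) -> bool:
    """Return True only if the token was issued by this server for this session."""
    if not isinstance(token, str) or token.count(".") != 1:
        return False  # missing or malformed token
    nonce, signature = token.split(".")
    expected = _sign(session_id, nonce)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(signature.encode(), expected.encode())


def handle_delete_user(session_id: str, form: dict) -> str:
    """Hypothetical form handler: check the token before doing anything."""
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        raise CSRFError("missing or invalid CSRF token")
    return "user deleted"
```

A request forged from another site arrives with the victim's session cookie but without the token, so `handle_delete_user` raises `CSRFError` before any change is made.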