The Cross-site Request Forgery FAQ
has been released to address some of the common questions and
misconceptions regarding this commonly misunderstood web flaw. This
paper serves as a living document for Cross-Site Request Forgery issues
and will be updated as new information is discovered.
If you have any suggestions or comments please contact us.
UPDATE:
Since this is a living document I’ve made a few changes as additional information has been brought to my attention.