However, requests can be triggered to the server-side code from anywhere - not just the client-side code we write. This is one of the most powerful aspects of how internet is designed: it allows linking between sites. But it is also the cause of a common security flaw, cross-site request forgery (CSRF).