A CSRF attack occurs when a user is tricked into interacting with a page or script on a third-party site that generates a malicious request to your site. All your server will see is an HTTP request from an authenticated user. However, an attacker takes control over the form of the data sent in the request to cause mischief.