• The most common way for preventing Cross-site Request Forgery is to employ a challenge token that is linked to a specific user and delivered as a hidden value in every state-changing form in the web app. The anti-CSRF token (commonly abbreviated as CSRF token) or synchronizer token functions as follows:
• The web server generates and saves a token.
• The token is set statically as a hidden field in the form, and the user submits it.\
• The token is part of the data in the POST request.
• The programme compares the token it generates and saves with the token given in the request.
• The request is legitimate if these tokens match.
• The request is invalid and denied if these tokens do not match.

Read More: Which is a more secure project: open-source or proprietary?