mitigation for CSRF



1. Make sure every HTTP request submitting a form or any other kind of input comes from 'same origin'.

2. Use a CSRF token, which is required by every form or input on the site.
Note: You should avoid using CSRF tokens in GET requests, and therefore you should avoid having any sensitive actions in GET request at all. It's better to use POST requests for sensitive form submissions. Doing otherwise could leak the CSRF token for a user's session and leave them vulnerable to CSRF attacks for the duration of their session.