Basic High Level Flow

The attacker hijacks your authentication credentials (your cookie) and uses that to call a sensitive API. If the API is callable from 'all origins', then…