Cross Site Request Forgery - Simple Explanation With an Analogy (No Code)


Imagine you come home to your house and open your door using a key. You open the door – but before you go inside, your neighbour calls you over from across the road and you both have a very amicable conversation about the weather or perhaps President Donald Trump’s latest 3.45 am tweets etc. While you are having this conversation, unbeknownst to you, somebody else sees you outside and decides to impersonate you: he puts on the same clothes and hairstyle as you and walks into your own house pretending to be you!

Nobody inside your house notices anything different - your wife is like, ‘oh, he’s home’. The impersonator helps himself to all of your money, perhaps plays some Xbox on the way out, and nobody is any the wiser.

CSRF basically relies on the fact that you opened the door to your house and then left it open, allowing someone else to simply walk in and pretend to be you.

Granted, the analogy is a little strained, but I hope it is helpful to you.

The way to solve this problem is to ensure that someone checks your driver’s license at the door itself. Basically.
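To put the analogy into code, here is an added example (not part of the original post) simulating a tiny banking app in plain Python: the session cookie is the open door, and a per-session CSRF token is the driver’s licence that must be shown at the door. The session store, handler names and the forged-request cases are all constructed for illustration.

```python
import hmac
import secrets

# Constructed in-memory session store: session cookie value -> session data.
SESSIONS = {}

def login(user):
    """Open the door: create a session and issue it a random CSRF token (the 'licence')."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32), "balance": 100}
    return sid

def transfer_vulnerable(cookie_sid, amount):
    """Trusts the cookie alone: anyone who walks in through the open door is treated as you."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return "401 not logged in"
    session["balance"] -= amount
    return "200 ok"

def transfer_protected(cookie_sid, amount, csrf_token):
    """Checks the licence too: the request must carry the token that only the real site's
    page knows. Browsers attach cookies automatically to cross-site requests, but a
    third-party page cannot read the token, so a forged request cannot present it."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return "401 not logged in"
    if not isinstance(csrf_token, str) or not hmac.compare_digest(
        session["csrf"].encode(), csrf_token.encode()  # constant-time comparison
    ):
        return "403 csrf token missing or invalid"
    session["balance"] -= amount
    return "200 ok"

def demo():
    """Walk through the analogy: a forged request carries the cookie but not the token."""
    sid = login("alice")
    token = SESSIONS[sid]["csrf"]  # only the genuine page in the user's browser has this
    return {
        "vuln_forged": transfer_vulnerable(sid, 30),                 # impersonator gets in
        "prot_forged": transfer_protected(sid, 30, None),            # stopped at the door
        "prot_wrong": transfer_protected(sid, 30, "x" * 43),         # fake licence rejected
        "prot_legit": transfer_protected(sid, 30, token),            # the real you gets in
        "balance": SESSIONS[sid]["balance"],                         # 100 - 30 - 30 = 40
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Modern frameworks do this token check for you, and a `SameSite` cookie attribute adds a second layer, but the principle is the same: the cookie alone is never proof that the request came from your own page.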

Written on January 31, 2018