Cross-site request forgery (CSRF) is also abbreviated as XSRF. It is a common attack in which the attacker injects an unwanted action while the client is interacting (request/response) with the hosted application. Generally, attackers use malicious code to influence the interaction.
Malicious code is scripting code that is downloaded to a web browser and executes without the knowledge of the authenticated user. For details, refer to https://www.techopedia.com/definition/4013/malicious-active-content.
Attackers are very smart, and they use different platforms to distribute spurious links to malicious code. These links look very similar to the domain (website) that is under attack. Financial websites are the main targets.
The following diagram depicts an XSRF attack:
Attackers could send a link via email, social media, or any other medium. When the user clicks on the link, he or she lands in the attacker's world without realizing that it is a spurious site and not the intended one.
You can find the official web page at https://docs.microsoft.com/en-us/aspnet/core/security/anti-request-forgery.
CSRF vulnerabilities are fundamentally a problem with the web app, not the end user.
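The following is an added example, not code from the original page or from ASP.NET Core itself: a constructed C# console model (.NET 6 or later) of why a forged request succeeds when the app trusts the session cookie alone, and how a per-session token check rejects it. `BankApp`, `Transfer`, and the HMAC token scheme are assumptions made for illustration; the framework's built-in antiforgery feature is described at the documentation link above.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Demo with constructed values: one logged-in user, three POST attempts.
var app = new BankApp();
var cookie = app.Login();
// A cross-site request carries the cookie (the browser attaches it) but no token.
Console.WriteLine($"cookie only, cross-site request: {app.Transfer(cookie, null)}");
app.RequireToken = true;
Console.WriteLine($"token check, cross-site request: {app.Transfer(cookie, null)}");
Console.WriteLine($"token check, app's own form:     {app.Transfer(cookie, app.IssueToken(cookie))}");

// Hypothetical web app: a session cookie authenticates the user, and a
// per-session anti-forgery token must accompany state-changing requests.
class BankApp
{
    private readonly byte[] _key = RandomNumberGenerator.GetBytes(32);
    private readonly HashSet<string> _sessions = new();
    public bool RequireToken { get; set; }

    public string Login()
    {
        var sid = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
        _sessions.Add(sid);
        return sid; // delivered to the browser as the session cookie
    }

    // Token embedded only in forms the app itself renders: HMAC(key, sessionId).
    public string IssueToken(string sessionId)
    {
        using var hmac = new HMACSHA256(_key);
        return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(sessionId)));
    }

    // State-changing POST. Returns true when the action would be executed.
    public bool Transfer(string? sessionCookie, string? formToken)
    {
        if (sessionCookie is null || !_sessions.Contains(sessionCookie)) return false;
        if (!RequireToken) return true;       // cookie alone is accepted: forgeable
        if (formToken is null) return false;  // another site cannot read the token
        var expected = Encoding.UTF8.GetBytes(IssueToken(sessionCookie));
        var supplied = Encoding.UTF8.GetBytes(formToken);
        return CryptographicOperations.FixedTimeEquals(expected, supplied);
    }
}
```

The first call is accepted even though the user never submitted the app's form, which is the server-side gap the statement above refers to.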
To handle this kind of attack, you need to build a system that is secure and properly authenticated. I will walk you through the details in the coming section focusing on authentication.