NB: This is the third post in a series
[https://coffeeonthekeyboard.com/best-basic-security-practices-especially-with-django-697/] of
posts on web application security.
The quintessential example of a CSRF (sometimes pronounced “sea-surf”) is a bank
that naively does transfers over a GET request without any other security:
http://badbank.com/transfer?from=act1&to=
