CSRF token
This article is a stub. You can help the IndieWeb wiki by expanding it.
CSRF token is a method of adding authentication data to a html form that will be transmitted along with the other POST data that allows the server side code to verify that the POST is valid
Using a CSRF token is the most common prevention strategy. A token (state, nonce) is generated and stored in the browser session, and passing it into the authorization endpoint. Then when receiving a callback from the authorization endpoint, relying parties can simply compare the token to the one stored in the session to confirm that the request originated at the authorization endpoint. [1]