In a CSRF (Cross Site Request Forgery) attack, the attacker hosts a site that, when visited or interacted with by a victim, sends a request to the target site with the client’s cookies.
To prevent such attacks, make sure that cookies are set to SameSite=strict so that a third-party site cannot use it, and also incorporate the use of CSRF token into the web server.