CSRF and SSRF
Two request-forgery flaws share a name and nothing else. CSRF tricks a logged-in user's browser into sending an unwanted request to a site that trusts the user's cookie; SSRF tricks the server into making a request to somewhere it should not, often reaching internal systems the attacker cannot. Both exploit misplaced trust in where a request came from, and each has a distinct defense.
This topic covers each attack against app.meridian.example and api.meridian.example — because despite the rhyming names, they have different victims and different fixes.
CSRF — Abusing the User's Session
Because browsers automatically attach cookies to requests, a malicious page can make the victim's browser POST to Meridian while the victim is logged in — and the server sees a valid session and performs the action. The attack rides the user's authenticated trust: the request is genuinely from the user's browser, just not from the user's intent.
Defending Against CSRF
The defenses are anti-CSRF tokens — a per-session secret the attacker's page cannot know — the SameSite cookie attribute, which stops cross-site cookie attachment, and checking the Origin and Referer headers. Modern SameSite=Lax defaults blunt CSRF considerably, but they do not fully replace tokens for sensitive state-changing actions.
SSRF — Abusing the Server's Trust
When the app fetches a URL the user supplies — a webhook, an image proxy, a link preview, a PDF renderer — an attacker points it at internal addresses the server can reach and they cannot: internal admin services, or the cloud metadata endpoint at 169.254.169.254. The server, trusted inside the network, dutifully retrieves it. SSRF has become a top cloud-breach vector precisely because that metadata endpoint hands out the instance's credentials.
Defending Against SSRF
Allow-list the destinations the server may fetch, block internal and link-local ranges and the metadata endpoint, resolve-and-validate the address before connecting (to defeat DNS rebinding), and isolate the fetching component so a successful SSRF reaches as little as possible. In the cloud, use hardened metadata (IMDSv2-style) so SSRF cannot trivially lift instance credentials (Chapter 13).
CSRF — the client's browser is tricked into a request to your server; it exploits cookie-based trust in the user, and is fixed with tokens and SameSite.
SSRF — your server is tricked into a request to an attacker-chosen, often internal destination; it exploits the network's trust of the server, and is fixed with destination allow-lists and metadata blocking. Different victim, different fix.
- Protecting state-changing actions with cookies alone and no CSRF token or
SameSite, so any site can trigger them in a logged-in user. - Assuming
SameSite=Laxfully solves CSRF, when some flows and top-level navigations still need tokens for sensitive actions. - Fetching user-supplied URLs without restriction, letting SSRF reach cloud metadata and internal services — a direct path to cloud credential theft.
- Validating the URL once but being defeated by redirects or DNS rebinding, because the check and the connection use different resolutions.
- Running the URL-fetching feature with the app's full network access and credentials.
- Use anti-CSRF tokens for state-changing requests and set
SameSiteon session cookies; never change state on a GET. - For any server-side fetch, allow-list destinations, block link-local and internal ranges and cloud metadata, and validate after final DNS resolution.
- Isolate URL-fetching features — separate egress, no credentials — so a successful SSRF reaches as little as possible.
- In the cloud, use hardened metadata endpoints (IMDSv2-style) so SSRF cannot lift instance credentials (Chapter 13).
- Check
OriginorRefereron sensitive requests as an added CSRF layer.
Knowledge Check
What is the key difference between CSRF and SSRF?
- CSRF tricks the browser; SSRF tricks the server
- They are two names for the same attack
- CSRF targets the database; SSRF targets the CPU
- CSRF only works over HTTP and SSRF only over HTTPS
Why is SSRF such a dangerous vector in cloud environments?
- It can point the server at the metadata endpoint for credentials
- It lets the attacker read the user's browser cookies and local storage
- It automatically encrypts the attacker's traffic
- It only affects on-premises servers, never cloud
What actually defends against SSRF reaching internal services?
- Allow-listing destinations and blocking internal ranges
- An anti-CSRF token attached to every outbound fetch request
- Setting SameSite on the session cookie
- Encoding the fetched response as HTML
You got correct