To avoid the risk associated with this vulnerability, it is recommended to include a secret in all requests that may generate a change in the application's data. A secret is understood, for example, as an extra parameter, generated and sent to the client when accessing the web resource from which the request to be protected is launched. This secret must be generated randomly and be different for each request to be made. On the server side, the application must check that these requests, which cause significant modifications to the data, include the previously generated secrets. If this is not included or is erroneous, the application should not perform the corresponding action. In addition to this secret, it is recommended to set the "SameSite" attribute in the session cookie with the following values: - SameSite=Strict: this value prevents the cookie from being sent in any cross-origin request. - SameSite=Lax: this is the value that is recommended in this case as any action carried out via POST or via a script from a cross-origin will be rejected by the browser.