- I log in to Optimize
- In another tab I click on a link that contains a forged request to Optimize, which would perform an action that I don't want to perform, e.g. deleting a report.
- the forged request is not being executed
- such that:
- Optimize only performs actions that I authorized it to do and attackers acan't force me to execute unwanted actions
- Optimize is protected against CSRF attacks
- There is a security notice informing users that the Optimize 2.5 contains a protection mechanism agains CSRF attacks