Be aware: These variants of CSRF are particularly critical because they might bypass many of the common anti-CSRF countermeasures, such as token-based mitigations and SameSite cookies. For example, when synchronizer tokens or custom HTTP request headers are used, the JavaScript program will include them in its asynchronous requests.
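The sketch below is an added example, not code from the original page. It assumes the variant in question is one where the page's own script derives the request target from input such as the URL fragment (the passage does not spell this out), and it shows the naive request builder beside a hardened one. The origin, paths, header name and token value are all hypothetical.

```javascript
// Added example; every name, path and value here is constructed for illustration.
const APP_ORIGIN = "https://app.example";     // hypothetical application origin
const CSRF_TOKEN = "constructed-token-value"; // stands in for the synchronizer token

// Strip the leading "#" and resolve the rest against the application origin.
function resolveTarget(fragment) {
  return new URL(fragment.replace(/^#/, ""), APP_ORIGIN);
}

// Naive client code: the fragment decides where the request goes, and the
// anti-CSRF header is attached to whatever request results. The server sees
// a valid token on a same-site request, so the token check passes.
function buildRequestNaive(fragment) {
  const target = resolveTarget(fragment);
  return {
    url: target.href,
    method: "POST",
    headers: { "X-CSRF-Token": CSRF_TOKEN },
  };
}

// Hardened client code: the fragment may only select one of a fixed set of
// endpoints; anything else produces no request and the token is never sent.
const ALLOWED_PATHS = new Set(["/api/inbox/refresh", "/api/profile/view"]);

function buildRequestHardened(fragment) {
  let target;
  try {
    target = resolveTarget(fragment);
  } catch {
    return null; // unparsable input: send nothing
  }
  if (target.origin !== APP_ORIGIN) return null;         // token stays same-origin
  if (!ALLOWED_PATHS.has(target.pathname)) return null;  // allowlisted endpoints only
  if (target.search !== "") return null;                 // no caller-supplied parameters
  return {
    url: target.origin + target.pathname,
    method: "POST",
    headers: { "X-CSRF-Token": CSRF_TOKEN },
  };
}
```

The allowlist check runs on the parsed `pathname`, so dot-segments and protocol-relative forms are normalised before the comparison.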