This write-up is about an interesting technique not known to many people, which I used to bypass CSRF protection on every single endpoint of a website that belonged to a private bug bounty program. I…