I am studying MVC Core and absolutely cannot understand why the AntiForgeryToken technology is needed.
I'm not asking how it works and how to configure it, but why it is needed.
If I send a Post request to myself host - AntiForgeryToken works - but why should I protect myself code from my own code?
If I send a Post request from another host - the Content Security Policy is triggered and AntiForgeryToken not used.
