Cross-Site Request Forgery is a type of web app vulnerability that forces users to execute unwanted actions when authenticated to an application.
Preventing cross-site attacks using same-site cookies explains how Dropbox's engineering team rolled out their same-site cookie defense that augments other CSRF protections for users.
Securing your site like it's 1999 covers many common web application vulnerabilities including Cross-Site Request Forgery issues.