Cross-Site Request Forgery (CSRF) requests are a type of malicious exploit whereby unauthorized commands are performed on behalf of an authenticated user.
CodeIgniter 4 provides protection from CSRF attacks. But it is not enabled by default same as CodeIgniter 3.
The token is generated for each user and it is managed by CodeIgniter to verify the user request.
In this tutorial, I show how you can enable CSRF protection and send AJAX request with CSRF token in the CodeIgniter 4 project.