Oh, it actually works

CSRF