Server-sent events, unlike WebSockets, are unidirectional; that is, data packets are transmitted from the server to the client (such as a user's web browser). This makes them a good alternative when data from the client to the server does not need to be sent in message form.
Cross-Site Request Forgery (CSRF) is a type of attack that causes an authorized user to do undesirable activities on a web application. An attacker can deceive users of a web application into doing activities of the attacker's choosing using social engineering techniques.