The disclosure provides method for preventing CSRF attacks, in which the method provides: intercepting request sent from a client browser to a server; generating a token; generating a response to the request; inserting the token into the response to the request; and sending the response to the request to the client browser with the token inserted into the response. With the method of the disclosure, it is assured that a token is inserted into all the requests made by a user through a client browser for accessing a resource. And it can be assured that the request is issued by the user himself by verifying whether the token in the request is valid, thereby preventing a CSRF attack.