What's the point of csrf?

Nextcloud version: 16,17,18 snap or self-install
Operating system and version: Ubuntu 18.04
Apache or nginx version: whatever ships with snaps or stock ubuntu repos
PHP version: whatever ships by default, and manually installed php-fpm 7.3 on one of my instances

The issue you are facing:
I want to understand the point of csrf - it seems it only gets in the way of webdav access. Furthermore requiring a manual optout in the config for the UserAgent is not a maintainable solution.

Is this the first time you’ve seen this error? Y

Steps to replicate it:

  1. Install nextcloud - however you like
  2. Run buttercup.pw and set up a vault.
  3. Good look doing anything else because you’ll get error 503 for every single request thereafter

What’s up with the official documentation guys? 0 results for csrf?

So, yes I’d like to know what exactly is this feature for, what does it do, and why is it applied to webdav connections?