diff --git a/Cross-Site Request Forgery/README.md b/Cross-Site Request Forgery/README.md index f6558ef6..ddb5ac2b 100644 --- a/Cross-Site Request Forgery/README.md +++ b/Cross-Site Request Forgery/README.md @@ -14,6 +14,8 @@ * [JSON GET - Simple Request](#json-get---simple-request) * [JSON POST - Simple Request](#json-post---simple-request) * [JSON POST - Complex Request](#json-post---complex-request) + +* [CSRF Middleware Bypass](#CSRF-Middleware-Bypass) * [Labs](#labs) * [References](#references) @@ -133,6 +135,18 @@ xhr.send('{"role":admin}'); ``` +## CSRF Middleware Bypass +- In CSRF, some frameworks automatically block CSRF via middleware by validating tokens on unsafe HTTP methods and return 403, Example: + +| Technology | Prevent it | You accept | +|:----------------|:----------------------------|:--------------------| +| Go Fiber | POST, PUT, DELETE | PATCH | +| Django | POST, PUT, PATCH, DELETE | GET, HEAD, OPTIONS | +| Laravel | POST, PUT, PATCH, DELETE | GET, HEAD | +| Express.js (csurf) | POST, PUT, PATCH, DELETE | GET, HEAD, OPTIONS | +| Spring Boot | POST, PUT, PATCH, DELETE | GET, HEAD, OPTIONS | +| Ruby on Rails | POST, PUT, PATCH, DELETE | GET, HEAD, OPTIONS | + ## Labs * [PortSwigger - CSRF vulnerability with no defenses](https://portswigger.net/web-security/csrf/lab-no-defenses)
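Review bot: in the first hunk the new table-of-contents entry `+* [CSRF Middleware Bypass](#CSRF-Middleware-Bypass)` uses a mixed-case anchor, while every other entry in this list (for example `#json-post---complex-request`) uses the lowercased, hyphenated form that GitHub generates for headings, so the link will not resolve to the `## CSRF Middleware Bypass` heading added below; change it to `#csrf-middleware-bypass`. The added blank `+` line just before that entry also splits the bullet list in two, so drop it and keep the entry contiguous with `* [JSON POST - Complex Request]` and `* [Labs]`.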
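Review bot: in the second hunk the new section never states the condition that makes this a bypass: the middleware skipping token validation on a method is only exploitable when the application actually performs a state-changing action on that method (a GET or HEAD route that mutates data, or a PATCH handler in the Fiber case), so add one sentence saying that and a minimal example request (e.g. an `<img>` or form hitting the unchecked method) rather than the bare "Example:" that currently leads straight into a framework table. The column headers "Prevent it" and "You accept" do not say what is being prevented or accepted; rename them to something like "Methods with token validation" and "Methods without token validation". The rows are also inconsistent with each other without any reference to back them up: Laravel lists only `GET, HEAD` while the neighbouring rows list `GET, HEAD, OPTIONS`, and nothing says which framework versions or which middleware (e.g. `csurf`, `VerifyCsrfToken`, `protect_from_forgery`) was checked, so please cite the middleware source or documentation for each row and the version it applies to, since these defaults change between releases. Finally, "In CSRF, some frameworks automatically block CSRF via middleware by validating tokens on unsafe HTTP methods and return 403, Example:" is a run-on; split it into a sentence describing the behaviour and a sentence introducing the table.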