Why isn't standard authentication enough to prevent CSRF?

Browsers automatically include session cookies in requests to the target domain regardless of where the request originated; CSRF protection adds a required secret that an attacker cannot spoof.

Which HTTP methods are protected by this skill?

The skill focuses on protecting all state-changing methods including POST, PUT, PATCH, and DELETE, while advising against using GET for modifications.

Does this skill help remediate security audit findings?

Absolutely. It provides the necessary patterns to fix CSRF vulnerabilities often identified during penetration tests or automated security scans.

Can I use this with React and Node.js?

Yes, it includes specific code patterns for Express.js middleware and React form integration to ensure end-to-end protection.

CSRF Protection

Name: CSRF Protection
Author: secondsky

bysecondsky

•

安全与测试

Safeguards web applications by implementing multi-layered Cross-Site Request Forgery (CSRF) defenses and secure token patterns.

This skill provides comprehensive guidance and production-ready boilerplate for implementing robust CSRF protection across modern web architectures. It enables Claude to assist developers in deploying synchronizer tokens, double-submit cookies, and SameSite attribute configurations to secure state-changing endpoints. By offering specific implementation patterns for Express, Flask, and React, it ensures applications are hardened against cross-origin attacks using industry-standard security best practices and defense-in-depth strategies.

主要功能

01Integration patterns for React frontend hooks and Python/Flask backends

02Best practices for Origin and Referer header validation

03Synchronizer token pattern implementation for state-changing requests

04Double-submit cookie validation logic for stateless architectures

0521 GitHub stars

06Configuration of SameSite cookie attributes (Strict/Lax) for modern browsers

使用场景

01Securing sensitive user actions like financial transfers or account updates

02Hardening Node.js/Express APIs against cross-origin vulnerabilities

03Implementing modern security layers in React-based single-page applications

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add secondsky/claude-skills csrf-protection

For use in Claude.ai and ChatGPT

Download Skill