From aj-geddes-useful-ai-prompts-4
Implements CSRF protection using synchronizer tokens, double-submit cookies, SameSite attributes, and origin validation. Useful for securing forms and state-changing operations.
How this skill is triggered — by the user, by Claude, or both
Slash command
/aj-geddes-useful-ai-prompts-4:csrf-protectionThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
- [Overview](#overview)
Implement comprehensive Cross-Site Request Forgery protection using synchronizer tokens, double-submit cookies, SameSite cookie attributes, and custom headers.
Minimal working example:
// csrf-protection.js
const crypto = require("crypto");
const csrf = require("csurf");
class CSRFProtection {
constructor() {
this.tokens = new Map();
this.tokenExpiry = 3600000; // 1 hour
}
/**
* Generate CSRF token
*/
generateToken() {
return crypto.randomBytes(32).toString("hex");
}
/**
* Create token for session
*/
createToken(sessionId) {
const token = this.generateToken();
const expiry = Date.now() + this.tokenExpiry;
this.tokens.set(sessionId, {
// ... (see reference guides for full implementation)
Detailed implementations in the references/ directory:
| Guide | Contents |
|---|---|
| Node.js/Express CSRF Protection | Node.js/Express CSRF Protection |
| Double Submit Cookie Pattern | Double Submit Cookie Pattern |
| Python Flask CSRF Protection | Python Flask CSRF Protection |
| Frontend CSRF Implementation | Frontend CSRF Implementation |
| Origin and Referer Validation | Origin and Referer Validation |
npx claudepluginhub joshuarweaver/cascade-code-languages-misc-1 --plugin aj-geddes-useful-ai-prompts-4Implements CSRF protection using synchronizer tokens, double-submit cookies, and SameSite attributes. Secures web forms, state-changing endpoints, and authentication layers.
Prevents CSRF attacks by validating request origin and using unpredictable tokens for state-changing operations. Covers SameSite cookies, sync token pattern, double-submit cookie pattern, and origin header validation.
Protects state-changing endpoints (POST, PUT, PATCH, DELETE) from cross-site request forgery using synchronizer tokens, SameSite cookies, or origin verification.