Skill

csrf-protection

Implements CSRF protection using synchronizer tokens, double-submit cookies, SameSite attributes, and origin validation for forms and state-changing operations in Node.js/Express and Flask.

Javascript

Node

Install

npx claudepluginhub joshuarweaver/cascade-code-languages-misc-1 --plugin aj-geddes-useful-ai-prompts-4

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- [Overview](#overview)

Supporting Assets

references/double-submit-cookie-pattern.mdreferences/frontend-csrf-implementation.mdreferences/nodejsexpress-csrf-protection.mdreferences/origin-and-referer-validation.mdreferences/python-flask-csrf-protection.mdscripts/security-checklist.sh

SKILL.md

Similar Skills

skill-lookup

Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.

prompts.chat

159.9k

prompt-lookup

Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.

prompts.chat

159.9k

next-compile

1 file

Checks Next.js compilation errors using a running Turbopack dev server after code edits. Fixes actionable issues before reporting complete. Replaces `next build`.

vercel-next-js-2

139.2k

Stats

Stars180

Forks28

Last CommitMar 3, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

CSRF Protection

Table of Contents

Overview

Implement comprehensive Cross-Site Request Forgery protection using synchronizer tokens, double-submit cookies, SameSite cookie attributes, and custom headers.

When to Use

Form submissions

State-changing operations

Authentication systems

Payment processing

Account management

Any POST/PUT/DELETE requests

Quick Start

Minimal working example:

// csrf-protection.js const crypto = require("crypto"); const csrf = require("csurf"); class CSRFProtection { constructor() { this.tokens = new Map(); this.tokenExpiry = 3600000; // 1 hour } /** * Generate CSRF token */ generateToken() { return crypto.randomBytes(32).toString("hex"); } /** * Create token for session */ createToken(sessionId) { const token = this.generateToken(); const expiry = Date.now() + this.tokenExpiry; this.tokens.set(sessionId, { // ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Guide	Contents
Node.js/Express CSRF Protection	Node.js/Express CSRF Protection
Double Submit Cookie Pattern	Double Submit Cookie Pattern
Python Flask CSRF Protection	Python Flask CSRF Protection
Frontend CSRF Implementation	Frontend CSRF Implementation
Origin and Referer Validation	Origin and Referer Validation

Guide

Contents

Node.js/Express CSRF Protection

Double Submit Cookie Pattern

Python Flask CSRF Protection

Frontend CSRF Implementation

Origin and Referer Validation

Best Practices

✅ DO

Use CSRF tokens for all state-changing operations

Set SameSite=Strict on cookies

Validate Origin/Referer headers