csrf-protection

SKILL.md

Imagine you're logged into your banking app. In another tab, you visit a malicious website. That website contains hidden code that submits a form to your bank: "Transfer $10,000 to attacker's account." Because you're logged in, your browser automatically sends your session cookie, and the bank processes the transfer.

This is Cross-Site Request Forgery—tricking your browser into making requests you didn't intend.

Router DNS Hijacking (2008): A CSRF vulnerability in several home routers allowed attackers to change router DNS settings by tricking users into visiting a malicious website. Victims lost no money but were redirected to phishing sites for months. Millions of routers were affected.

Implementieren Sie den Cross-Site Request Forgery (CSRF)-Schutz für API-Routen. Nutzen Sie diese Fähigkeit, wenn Sie POST/PUT/DELETE-Endpunkte schützen, eine Token-Validierung implementieren, standortübergreifende Angriffe verhindern oder Formularübermittlungen sichern müssen. Zu den Auslösern gehören „CSRF“, „Cross-Site Request Forgery“, „Protect Form“, „Token Validation“, „withCsrf“, „CSRF Token“ und „Session Fixation“. Quelle: harperaa/secure-claude-skills.

Original anzeigen