csrf-protection

SKILL.md

Imagine you're logged into your banking app. In another tab, you visit a malicious website. That website contains hidden code that submits a form to your bank: "Transfer $10,000 to attacker's account." Because you're logged in, your browser automatically sends your session cookie, and the bank processes the transfer.

This is Cross-Site Request Forgery—tricking your browser into making requests you didn't intend.

Router DNS Hijacking (2008): A CSRF vulnerability in several home routers allowed attackers to change router DNS settings by tricking users into visiting a malicious website. Victims lost no money but were redirected to phishing sites for months. Millions of routers were affected.

Implemente protección contra falsificación de solicitudes entre sitios (CSRF) para rutas API. Utilice esta habilidad cuando necesite proteger los puntos finales POST/PUT/DELETE, implementar la validación de tokens, evitar ataques entre sitios o proteger los envíos de formularios. Los activadores incluyen "CSRF", "falsificación de solicitudes entre sitios", "formulario de protección", "validación de token", "withCsrf", "token CSRF", "fijación de sesión". Fuente: harperaa/secure-claude-skills.

Ver original