Solid foundation for implementing CSRF protection across your web apps. It covers the main approaches: synchronizer tokens, double-submit cookies, SameSite cookie attributes, and Origin/Referer validation. The reference guides walk through implementations in Node.js/Express and Python Flask, plus frontend integration patterns. It also emphasizes the basics well, such as never using GET for state-changing requests and always pairing tokens with HTTPS. If you're building forms, payment flows, or anything that modifies server state, this gives you the patterns to prevent forged requests. The best practices section is genuinely useful, calling out common mistakes like storing tokens in localStorage.
npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill csrf-protection