Implements the three main CSRF protection patterns: synchronizer tokens, double-submit cookies, and SameSite cookie attributes. You get Express middleware with proper timing-safe comparison, session token generation, and form integration examples. The guide walks through when to apply each method and shows the HTML side too. The references cover Flask and React implementations. Honestly, the best part is that it doesn't just dump code at you. It explains why you need multiple layers and calls out common mistakes, like thinking authentication alone protects you or storing tokens in localStorage. Solid reference when you're hardening state-changing endpoints.
npx skills add https://github.com/secondsky/claude-skills --skill csrf-protection