CSRF Protection
Include CSRF protection on all state-changing endpoints
CLAUDE.md
Include CSRF protection on all state-changing endpoints. Use anti-CSRF tokens or SameSite cookies. Verify the Origin header on POST, PUT, PATCH, and DELETE requests.
Copy this block into your CLAUDE.md or agent config file to enforce it in your workflow.
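One way an endpoint could apply the rule above, shown as an added example rather than code from this page: it checks Origin (falling back to Referer) on POST, PUT, PATCH and DELETE, compares a double-submit token pair, and sets SameSite on the session cookie. The trusted origin, the function names and the token parameters are assumptions made for illustration.

```python
import hmac
from urllib.parse import urlsplit

UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
# Assumption: the only origin this application is served from.
TRUSTED_ORIGINS = {"https://app.example.com"}


def _origin_of(url):
    """Reduce a URL to scheme://host[:port]; None if it is not absolute."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None  # also covers the literal Origin value "null"
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_csrf(method, headers, cookie_token, form_token):
    """Return (allowed, reason) for one request.

    headers: dict keyed by lower-case header name.
    cookie_token / form_token: double-submit token pair (hypothetical names).
    """
    if method.upper() not in UNSAFE_METHODS:
        return True, "safe method"

    # Prefer Origin; fall back to Referer when Origin is absent.
    source = headers.get("origin") or headers.get("referer")
    if not source:
        return False, "missing Origin and Referer"
    # Exact match on the parsed origin, never a prefix or substring test.
    if _origin_of(source) not in TRUSTED_ORIGINS:
        return False, f"untrusted origin: {source}"

    if not cookie_token or not form_token:
        return False, "missing CSRF token"
    # Constant-time comparison of the two token copies.
    if not hmac.compare_digest(cookie_token.encode(), form_token.encode()):
        return False, "CSRF token mismatch"
    return True, "ok"


def session_cookie(value):
    """Set-Cookie value; SameSite=Lax keeps it off cross-site POSTs."""
    return f"session={value}; Path=/; Secure; HttpOnly; SameSite=Lax"
```
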