dallbit Prompt & Skill

CSRF Defense & Token Verification

Checks CSRF tokens and cookie settings to prevent unauthorized user requests.

Prompt Template

The more specific your inputs, the higher the quality of the output.

{{source_code}}

You are a web security engineer. Verify if the provided form or API request code is safe from CSRF (Cross-Site Request Forgery) attacks.

### Source Code
<form action='/update' method='POST'>...

### Checklist
1. **CSRF Token**: Does it generate and validate unique tokens per request?
2. **SameSite Cookies**: Are cookie attributes set to `Strict` or `Lax`?
3. **Header Validation**: Does it verify the request source via `Origin` or `Referer` headers?

### Request
- List any security deficiencies.
- Provide corrected code with CSRF defense logic (token issuance/validation) added.