CSRF Protection for Cookie-Based Auth (If Cookies Enabled)

[ahmadogo]

Description:

Add CSRF protection when using httpOnly cookies for access/refresh tokens.

Tasks:

• Enable double-submit cookie or CSRF token header approach
• Provide CSRF token via GET /auth/csrf (if needed)
• Validate CSRF token for state-changing requests
• Update docs/README for frontend integration steps

Acceptance Criteria:

• State-changing requests without valid CSRF token fail with 403
• CSRF token lifecycle documented and test-covered
• Works seamlessly with current auth flows
• Screenshot of server Up and Running

[drips-wave]

This issue has been added to the Stellar Wave Program and is worth 200 Points.

🧑‍💻 Interested in contributing? Apply to work on this issue on Drips Wave, earn points, and receive rewards.

Warning

Only applications submitted via the apply link above will be considered. Please do not apply by commenting on the issue or opening a PR directly.

🤠 Repo maintainers: You can manage this issue's Points and Complexity on your Maintainer Dashboard here. Please keep an eye on applications and respond quickly 💙

ℹ️ Learn more about Drips Wave

[Nabeelahh]

@Nabeelahh has applied to work on this issue as part of the Stellar Wave Program's 2nd wave.

I would like to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Nabeelahh to this issue.

[drips-wave]

Congratulations, @Nabeelahh! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on February 26, 2026.

🧑‍💻 @Nabeelahh: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are issued when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊