CSRF prevention plugin for GraphQL Yoga that requires the clients to have a specific header set.
graphql-hive/graphql-yoga