CSRF prevention plugin for GraphQL Yoga that requires the clients to have a specific header set.