adding enhanced csrf protection

app-code/api/login/reset_pw.php

@@ -1,4 +1,8 @@
 <?php
+include "../utils/security.php";
+secure_session_start();
+require_same_origin_request();
+require_csrf_token();
 // Check if the POST request contains 'token' and 'password'
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     if (!isset($_POST['token']) || !isset($_POST['password']) || !isset($_POST['confirm_password'])) {
@@ -67,4 +71,3 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     echo json_encode(['status' => 'error', 'message' => 'Invalid request method.']);
 }
 ?>
-