import { RequestMiddlewareAfterServer, RequestServerOptions } from './createMiddleware.js'; import { Register } from '@tanstack/router-core'; export declare const csrfSymbol: unique symbol; export type CsrfSecFetchSite = 'same-origin' | 'same-site' | 'cross-site' | 'none'; export type CsrfMatcher = TValue | Array | ((value: TValue | (string & {}), ctx: RequestServerOptions) => boolean | Promise); export interface CsrfMiddlewareOptions { /** * Return `true` to validate this request, or `false` to skip validation. * * @default undefined, which validates every request handled by this middleware. */ filter?: (ctx: RequestServerOptions) => boolean | Promise; /** * Allowed Origin values. Defaults to the trusted request origin. */ origin?: CsrfMatcher; /** * Allowed Sec-Fetch-Site values. * * @default 'same-origin' */ secFetchSite?: CsrfMatcher; /** * Whether to use Referer as a fallback when Sec-Fetch-Site and Origin are absent. * * @default true */ referer?: boolean | ((referer: string, ctx: RequestServerOptions) => boolean | Promise); /** * Allow requests when Sec-Fetch-Site, Origin, and Referer are all missing. * * @default false */ allowRequestsWithoutOriginCheck?: boolean; /** * Optional response returned when CSRF validation fails. * * @default new Response('Forbidden', { status: 403 }) */ failureResponse?: Response | ((ctx: RequestServerOptions) => Response | Promise); } type CreateCsrfMiddleware = (opts?: CsrfMiddlewareOptions) => RequestMiddlewareAfterServer<{}, undefined, undefined>; export declare const createCsrfMiddleware: CreateCsrfMiddleware; export declare function isCsrfRequestAllowed(opts: CsrfMiddlewareOptions, ctx: RequestServerOptions): Promise; export declare function getCsrfRequestValidationResult(opts: CsrfMiddlewareOptions, ctx: RequestServerOptions): Promise; export {};