Currently csrf-sync depends on both express and express-session meaning it can't be consumed by any other connect middleware compatible lib. This would be a breaking change as we would probably have to remove the default configuration for getTokenFromRequest and storeTokenInState as they both currently enforce / expect express-session.
The csrfToken convenience method would have to be have to be declaration merged onto the default Node Request type instead of the express Request type.
Types would have to be updated significantly to take in generic types that extends the default Node Request and Response types enabling it to be compatible with various framework Request/Response extensions.
Currently
csrf-syncdepends on bothexpressandexpress-sessionmeaning it can't be consumed by any other connect middleware compatible lib. This would be a breaking change as we would probably have to remove the default configuration forgetTokenFromRequestandstoreTokenInStateas they both currently enforce / expect express-session.The
csrfTokenconvenience method would have to be have to be declaration merged onto the default Node Request type instead of the express Request type.Types would have to be updated significantly to take in generic types that extends the default Node Request and Response types enabling it to be compatible with various framework Request/Response extensions.