Validate CSRF for the current request using the Double Submit Cookie pattern.
This checks that a CSRF token (submitted via body._csrf or x-csrf-token) matches
the CSRF token cookie (libreviews_csrf) for the same requester, keyed by a separate,
httpOnly identifier cookie (libreviews_csrf_id).
Multipart form requests are intentionally not validated here because Multer populates
req.body after it has processed the stream. For uploads we validate CSRF after Multer
has run (see routes/uploads.ts).
Validate CSRF for the current request using the Double Submit Cookie pattern.
This checks that a CSRF token (submitted via
body._csrforx-csrf-token) matches the CSRF token cookie (libreviews_csrf) for the same requester, keyed by a separate, httpOnly identifier cookie (libreviews_csrf_id).Multipart form requests are intentionally not validated here because Multer populates
req.bodyafter it has processed the stream. For uploads we validate CSRF after Multer has run (seeroutes/uploads.ts).