/**
 * lumiarq.csrf — built-in CSRF protection middleware.
 *
 * For state-mutating requests (POST, PUT, PATCH, DELETE), verifies that the
 * `X-CSRF-Token` header matches the token stored in the `_csrf` cookie.
 *
 * Safe methods (GET, HEAD, OPTIONS) are always allowed through.
 *
 * Usage in routes:
 * ```ts
 * Route.post('/account/update', updateAccountHandler, {
 *   middleware: ['lumiarq.csrf'],
 * })
 * ```
 *
 * Or protect an entire group:
 * ```ts
 * Route.group({ prefix: '/account', middleware: ['lumiarq.csrf'] }, () => {
 *   Route.post('/update', updateAccountHandler)
 *   Route.delete('/delete', deleteAccountHandler)
 * })
 * ```
 */
export declare const csrfMiddleware: import("../types.js").MiddlewareDefinition;
//# sourceMappingURL=csrf.d.ts.map