CSRF crumb generation and validation for hapi

Lead Maintainer: Marcus Stong

The following options are available when registering the plugin

• 'key' - the name of the cookie to store the csrf crumb in (defaults to 'crumb')
• 'size' - the length of the crumb to generate (defaults to 43, which is 256 bits, see cryptile for more information)
• 'autoGenerate' - whether to automatically generate a new crumb for requests (defaults to true)
• 'addToViewContext' - whether to automatically add the crumb to view contexts as the given key (defaults to true)
• 'cookieOptions' - storage options for the cookie containing the crumb, see the server.state documentation of hapi for more information
• 'restful' - RESTful mode that validates crumb tokens from "X-CSRF-Token" request header for POST, PUT, PATCH and DELETE server routes. Disables payload/query crumb validation (defaults to false)

Additionally, some configuration can be passed on a per-route basis

• 'key' - the key used in the view contexts and payloads for the crumb (defaults to whatever the key value in the main settings is)
• 'source' - can be either 'payload' or 'query' specifying how the crumb will be sent in requests (defaults to payload)
• 'restful' - an override for the server's 'restful' setting (defaults to match server setting)