Hello 👋

Thank you for this very useful middleware!

I have a use case (see fastapi-users/fastapi-users#291) where I call an API through the browser, using Cookie authentication. Thus, CSRF protection would be beneficial. However, it's a pure API : it doesn't generate any template ; so I don't have the opportunity to call request.scope.csrftoken() to generate the token.

Would it be possible (and sensible!) to have an option in the middleware to allow a token to be generated even if request.scope.csrftoken() is not called in the route logic?

Best regards!