ErrBadReferer is returned when the scheme & host in the URL do not match the supplied Referer header.

ErrBadToken is returned if the CSRF token in the request does not match the token in the session, or is otherwise malformed.

ErrNoReferer is returned when a HTTPS request provides an empty Referer header.

ErrNoToken is returned if no CSRF token is supplied in the request.

New enable CSRF protection on routes using this middleware.