CsrfTokenComponent: Use a global empty function for SSR

src/assets/views/utils/CsrfTokenField.svelte

@@ -1,7 +1,6 @@
 <script lang="ts">
     import {locals} from "../../ts/stores.js";
     import Field from "./Field.svelte";
-    const token = $locals.getCsrfToken ? $locals.getCsrfToken() : undefined;
 </script>
 
-<Field type="hidden" name="csrf" value={token}/>
+<Field type="hidden" name="csrf" value={$locals.getCsrfToken()}/>

src/components/CsrfProtectionComponent.ts

@@ -5,6 +5,7 @@ import {Session, SessionData} from "express-session";
 import ApplicationComponent from "../ApplicationComponent.js";
 import {AuthMiddleware} from "../auth/AuthComponent.js";
 import {BadRequestError} from "../HttpError.js";
+import FrontendToolsComponent from "./FrontendToolsComponent.js";
 
 export default class CsrfProtectionComponent extends ApplicationComponent {
     private static readonly excluders: ((req: Request) => boolean)[] = [];
@@ -16,6 +17,14 @@ export default class CsrfProtectionComponent extends ApplicationComponent {
         return session.csrf;
     }
 
+
+    public async init(): Promise<void> {
+        const globals = this.getApp().asOptional(FrontendToolsComponent)?.getGlobals();
+        if (globals) {
+            globals.set('getCsrfToken', () => null);
+        }
+    }
+
     public static addExcluder(excluder: (req: Request) => boolean): void {
         this.excluders.push(excluder);
     }