Binding that stores an anti-forgery token that must be included in POST forms if the handler is wrapped in wrap-anti-forgery.

Middleware that prevents CSRF attacks. Any POST request to the handler
returned by this function must contain a valid anti-forgery token, or else an
access-denied response is returned.

The anti-forgery token can be placed into a HTML page via the
*anti-forgery-token* var, which is bound to a random key unique to the
current session. By default, the token is expected to be in a form field
named '__anti-forgery-token', or in the 'X-CSRF-Token' or 'X-XSRF-Token'
headers.

Accepts the following options:

:read-token     - a function that takes a request and returns an anti-forgery
                  token, or nil if the token does not exist

:error-response - the response to return if the anti-forgery token is
                  incorrect or missing

:error-handler  - a handler function to call if the anti-forgery token is
                  incorrect or missing.

Only one of :error-response, :error-handler may be specified.