Here is what I'm trying to achieve:
1. Backend sends response header saying "this page requires filtering".
2. Lua script generates a token, and populates the appropriate tag in the body copy with the token.
3. Token is pushed into user's cookies and also stored in Redis.
From what I can gather, to do this, I need to:
1. Add conditional logic within body_filter_by_lua based on the value of ngx.var.sent_http_csrf
2. Generate the token
3. Filter the body.
4. Make a subrequest with the token to a separate internal location block so that Redis can save the token (as redis will be disabled within the context of body_filter_by_lua)