Up until now I have always used header authentication for my SPAs, but now I find myself having issues enabling SSR in my frontend since the browser local-/sessionstorage is not available on the server. As far as I know to safely use cookie authentication we need CSRF protection, but I can't seem to find the solution for Ktor. How have you guys enabled SSR with a Ktor backend?