#How should i do auth while using createServerFn() ?

are sessions the only way ? i saw useSession() in basic-auth but i dont know what it uses under the hood.. if its cookies then how can i do csrf without adding the csrf token as param to the function every time i want to write something ?
I would like to avoid cookies because of CSRF and avoid any database writes or file system writes because I'm trying to run it on the edge with cloudflare workers.
is there a way to add a global header setting like how it is in tanstack query where i could do something like "Authorization: "Bearer <token>" ?

hope I didn't miss something in the docs, and i couldn't find it. I understand its still in beta but I would be glad to help around writing docs and stuff. current Auth page just looks like an Ad instead of useful docs.

useSession uses cookies yes

what would you need in terms of csrf token here?

aside from that, you can use a client middleware: https://tanstack.com/start/latest/docs/framework/react/middleware#modifying-the-client-request

always assumed cookie based auth would need a csrf token with POST requests. I guess Same-Site: strict config would do