node.js - how to bypass/avoid crsf on API post? -
in node application expressjs have crsf middleware enabled. works great, have routes starting /api , accepting post request fail (forbidden) because there no crsf token of course. how can bypass/avoid crsf /api posts?
you can conditionally pass inside of middleware, 1 option pattern this:
function yourmiddleware(req, res, next) { if ( null !== req.path.match(/^\/api/) ) { next(); } //your crsf behavior here }
Comments
Post a Comment