mkalam-alami
commented
3 years ago Cannot be done easily, because CSRF protection relies on body parsing, which uses either the standard body-parser or the multer lib depending on the route. The CSRF middleware has to always be plugged after them.
It's already configured to ignore GET methods so it would probably have the same effect but simplify things.