dougwilson
commented
6 years ago Hi @alcmoraes sorry I missed your PR here for all this time. I really don't know how I missed it, and I apologize. Thanks for your contribution, but this should be solveable by either following the readme and not using this module globally, or solutions like #64 . If there is a reason there is no possible way to do this without core modification, please provide an example and I'd be happy to reopen this PR :)
Added option to send "ignoreRoutes" option during csurf init.
app.use(csrf({ ignoreRoutes: ['admin','api'] }));The above snippet would prevent csurf from check the CSRF token on '/api' and '/admin' paths.