i actually looked at the middleware now, and this entire catch block is unnecessary:
try {
// bodyparser middlewares maybe store body in request.body
// or you can just set csrf token header
this.assertCSRF(this.request.body)
} catch (err) {
if (err.status === 403) {
this.status = 403
this.body = 'invalid csrf token'
} else {
this.throw(err)
}
return
}
an upstream error handler should handle the rendering of the error
i actually looked at the middleware now, and this entire catch block is unnecessary:
an upstream error handler should handle the rendering of the error