krakenjs / lusca

Application security for express apps.

how to allow bypass security from one route #92

Closed luisfusim closed 7 years ago

luisfusim commented 7 years ago

How can I disallow the protection for one route? I'm using Openpay and webhooks.

```js
app.use(lusca({
  csrf: { angular: true },
  policy: { 'allow': 'api/openpay/webook' },
  xframe: 'SAMEORIGIN',
  hsts: {
    maxAge: 31536000, // 1 year, in seconds
    includeSubDomains: true,
    preload: true
  },
  xssProtection: true
}));
```

david-mohr commented 7 years ago

#58 has a good discussion on the issue, in particular this comment, which provides the solution I use:

```js
var webhook = require('./webhook');
// `./webhook` could simply return an `express.Router` instance containing your webhook logic

app.use(lusca({ /* ... your opts but with `csrf: false` ... */ }));
app.use('/webhooks', webhook); // mounted before the csrf middleware, so these routes are exempt
app.use(lusca.csrf());
// ... all routes defined from this point are csrf protected.
```

luisfusim commented 7 years ago

Wooow, thanks a lot, now it works.