2016-05-02 17:22:56 -07:00
|
|
|
import csurf from 'csurf';
|
|
|
|
|
|
|
|
|
|
export default function() {
|
2016-05-02 21:11:49 -07:00
|
|
|
const protection = csurf({ cookie: true });
|
|
|
|
|
return function csrf(req, res, next) {
|
|
|
|
|
const path = req.path.split('/')[1];
|
|
|
|
|
if (/api/.test(path)) {
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
return protection(req, res, next);
|
|
|
|
|
};
|
2016-05-02 17:22:56 -07:00
|
|
|
}
|
