diff --git a/server/middlewares/csurf.js b/server/middlewares/csurf.js
index 737a602a0f..02c19e301e 100644
--- a/server/middlewares/csurf.js
+++ b/server/middlewares/csurf.js
@@ -1,5 +1,12 @@
 import csurf from 'csurf';
 export default function() {
- return csurf({ cookie: true });
+ const protection = csurf({ cookie: true });
+ return function csrf(req, res, next) {
+ const path = req.path.split('/')[1];
+ if (/api/.test(path)) {
+ return next();
+ }
+ return protection(req, res, next);
+ };
 }
diff --git a/server/middlewares/global-locals.js b/server/middlewares/global-locals.js
index a018a3e46a..fbd0680731 100644
--- a/server/middlewares/global-locals.js
+++ b/server/middlewares/global-locals.js
@@ -2,7 +2,7 @@ export default function globalLocals() {
 return function(req, res, next) {
 // Make user object available in templates.
 res.locals.user = req.user;
- res.locals._csrf = req.csrfToken();
+ res.locals._csrf = req.csrfToken ? req.csrfToken() : null;
 next();
 };
 }
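Review bot: The exemption test `/api/.test(path)` in the new `csrf` wrapper is unanchored, so CSRF protection is skipped for any route whose first path segment merely contains the letters "api", not only for `/api/...`. Compare the segment exactly instead, `if (path === 'api') {`, so that only the intended prefix bypasses `protection`. Skipping the token check is also only sound if the exempted routes do not accept the cookie-based session as their sole authentication. That is not visible in this hunk, so a comment recording the assumption would help, e.g. `// /api routes skip csurf: they must not rely on cookie auth alone`.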
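Review bot: The `null` fallback in `res.locals._csrf = req.csrfToken ? req.csrfToken() : null;` is undocumented and can hide a misconfiguration. If the csurf middleware is ever not mounted ahead of this one, form templates on protected routes would render an empty token and fail only at submit time rather than loudly here. A comment would make the intent explicit, e.g. `// csrfToken is absent only on routes the csurf wrapper exempts (/api); elsewhere it must exist`. `typeof req.csrfToken === 'function'` would also be a stricter guard than truthiness. The enclosing `globalLocals` starts above the hunk and is visible only in the `@@` header.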