How to bypass/avoid CSRF on API POST?

In a node application with ExpressJS we have CSRF middleware enabled. This works great, however we have some routes starting with /api and accepting POST requests which fail (forbidden) because there is no CSRF token of course. How can we bypass/avoid CSRF for /api posts?


You can conditionally pass inside of middleware, so one option is to look to a pattern like this:

function yourMiddleware(req, res, next) {
  if ( null !== req.path.match(/^\/api/) ) {
    return next(); // API route: skip the CSRF check
  }
  //your CSRF behavior here
}

What about registering those routes before the CSRF middleware? Like:

var express = require('express');
var app = express();

app.use('/api', require('path to your module that does not need csrf'));
app.use('/othermount', require('path to your module that needs csrf'));

Edit: Expanded code example to clarify what I was thinking.
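
One way to make the exemption from the two answers above safer, as an added example that is not part of the original answers: the wrapper skips CSRF for /api only on a path-segment boundary and only when the request carries no cookie. It assumes cookie-based sessions are the app's only browser-attached credential; `skipCsrfForApi`, `demoCsrf` and `simulate` are hypothetical names, and `demoCsrf` stands in for the real CSRF middleware.

```javascript
// Added example: wrap an Express-style CSRF middleware and skip it for /api.
// `csrfProtection` is whatever CSRF middleware the app already uses (assumption).
function skipCsrfForApi(csrfProtection, prefix = '/api') {
  return function (req, res, next) {
    // Segment boundary: '/api' and '/api/x' match, '/apiary' does not
    // (a bare /^\/api/ regex would match all three).
    const underPrefix =
      req.path === prefix || req.path.startsWith(prefix + '/');
    // CSRF abuses credentials the browser attaches on its own. If a cookie
    // is present, the request may ride a session, so keep the check.
    const cookie = (req.headers || {}).cookie;
    const hasCookie = typeof cookie === 'string' && cookie.length > 0;
    if (underPrefix && !hasCookie) {
      return next();
    }
    return csrfProtection(req, res, next);
  };
}

// Constructed stand-in for a real CSRF middleware: 403 unless the token matches.
function demoCsrf(req, res, next) {
  if ((req.headers || {})['x-csrf-token'] === 'expected-token') {
    return next();
  }
  res.statusCode = 403;
  res.end('Forbidden');
}

// Run the wrapped middleware on a constructed request and report the outcome.
function simulate(path, headers) {
  const res = { statusCode: 200, end() {} };
  let passed = false;
  const mw = skipCsrfForApi(demoCsrf);
  mw({ path, headers }, res, () => { passed = true; });
  return passed ? 'next' : String(res.statusCode);
}

// Constructed sample requests.
console.log(simulate('/api/items', {}));                    // exempt
console.log(simulate('/api/items', { cookie: 'sid=abc' })); // still checked
console.log(simulate('/apiary', {}));                       // not under /api
```

With Express this would be mounted as `app.use(skipCsrfForApi(csrfProtection))` in place of the bare CSRF middleware.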
