@@ -122,7 +122,8 @@ module.exports = function(crowi, app) {
});
// csurf should be initialized after express-session
- app.use(csrf({ cookie: false }));
+ // default methods + PUT. See: https://expressjs.com/en/resources/middleware/csurf.html#ignoremethods
+ app.use(csrf({ ignoreMethods: ['GET', 'HEAD', 'OPTIONS', 'PUT'], cookie: false }));
// passport
debug('initialize Passport');
yohei0125