rm csrf from express-init

packages/app/src/server/crowi/express-init.js

@@ -1,7 +1,5 @@
 import mongoose from 'mongoose';
 
-import csrf from 'csurf';
-
 // import { i18n, localePath } from '~/next-i18next.config';
 
 module.exports = function(crowi, app) {
@@ -121,9 +119,6 @@ module.exports = function(crowi, app) {
     sessionMiddleware(req, res, next);
   });
 
-  // csurf should be initialized after express-session
-  app.use(csrf({ cookie: false }));
-
   // passport
   debug('initialize Passport');
   app.use(passport.initialize());