app.ts

import express from 'express';
import cookieParser from 'cookie-parser';
import csurf from 'csurf';

const app = express();
const csrfProtection = csurf({
  cookie: true,
  ignoreMethods: ['GET', 'HEAD', 'OPTIONS'],
});
app.use(cookieParser());
app.use(csrfProtection, (req, res, next): void => {
  res.cookie('XSRF_TOKEN', req.csrfToken(), { httpOnly: false });
  next();
});