A wrapper for the default connect/express csrf middleware that adds ignore support

csrf.js

var express = require('express'),
  _ = require('underscore'),
  parse = require('url').parse;

exports = module.exports = load;

exports.ignore = ['/api/method1', '/api/method2'];

function load(options) {
  var defaultCsrf = express.csrf(options);
  
  return function load(req, res, next) {
    if (exports.ignore.length > 0) {
      var reqPath = parse(req.url).pathname,
        ignore = false;
      _.each(exports.ignore, function(ignorePath) {
        if (~reqPath.indexOf(ignorePath)) {
          ignore = true;
          return;
        }
      });
    }

    if (ignore) {
      return next();
    } else {
      return defaultCsrf(req, res, next);
    }
  };
}