sails.js enable csrf for browser access and disable csrf for native app access

Question

I'm using sails.js as backend, or, more generally, nodejs.

The admin page of my website is accessed by browser, and yet for all the non-admin users, they should access my backend resource through native mobile app(iOS/Android).

I figured that for native app restful http requests, it is not necessary to enable csrf protection, yet for admin page browser access, it is.

So I wonder if it's possible to enable csrf protection for browser access and disable csrf protection for mobile native app access?

Answer 1

You can use different controller/ route to be partially load which endpoint that use CSRF. Look at this answer.