fix(server): fix CSRF for Angular

Awk34 · Awk34 · commit 9c816ca200c0 · 2018-06-18T02:47:38.000-07:00
diff --git a/templates/app/server/config/express.js b/templates/app/server/config/express.js
@@ -68,9 +68,11 @@ export default function(app) {
      * Lusca - express server security
      * https://github.com/krakenjs/lusca
      */
-    if(env !== 'test' && env !== 'development' && !process.env.SAUCE_USERNAME) { // eslint-disable-line no-process-env
+    if(env !== 'test' && env !== 'development') {
         app.use(lusca({
-            csrf: true,
+            csrf: {
+                header: 'x-xsrf-token',
+            },
             xframe: 'SAMEORIGIN',
             hsts: {
                 maxAge: 31536000, //1 year, in seconds
