From b6493f896fe825a84e6d1373d0351d5430cddf6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Tue, 9 Feb 2021 12:40:29 -0500
Subject: [PATCH] fix: tests, only generate csrf_token on 404 gets

---
 src/controllers/404.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/controllers/404.js b/src/controllers/404.js
index 0daafd583e..1a754aee73 100644
--- a/src/controllers/404.js
+++ b/src/controllers/404.js
@@ -43,7 +43,11 @@ exports.send404 = async function (req, res) {
 	if (res.locals.isAPI) {
 		return res.json({ path: validator.escape(path.replace(/^\/api/, '')), title: '[[global:404.title]]' });
 	}
-	await middleware.applyCSRFasync(req, res);
+
+	if (req.method === 'GET') {
+		await middleware.applyCSRFasync(req, res);
+	}
+
 	await middleware.buildHeaderAsync(req, res);
 	res.render('404', { path: validator.escape(path), title: '[[global:404.title]]' });
 };