app.use((req, res, next) => { if (req.path === '/api/upload') { // Multer multipart/form-data handling needs to occur before the Lusca CSRF check. next(); } else { /lusca.csrf()(req, res, next); // <-- error here } });