more instructions

Author: mike-north

server/routes/transfers.js

@@ -40,6 +40,10 @@ router.get('/', function(req, res/*, next*/) {
   });
 });
 
+//////////////////////////////////////////////////////////////
+//// ↓ EXERCISE 5 SOLUTION GOES HERE
+////   - Add CSRF protection to this route
+////   - Limit this route to only POST requests
 router.all('/perform', function(req, res) {
   bounceOutIfLoggedOut(req, res, () => {
     let { accountFrom, accountTo, amount } = Object.assign(Object.assign({}, req.body), req.query);