From 6037f5ee2cf51248fd6eaf713c700ae26a277659 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Mon, 7 Dec 2020 15:44:34 -0500
Subject: [PATCH] chore: add comment for clarification

---
 src/middleware/user.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/middleware/user.js b/src/middleware/user.js
index 903195ebd9..556a919821 100644
--- a/src/middleware/user.js
+++ b/src/middleware/user.js
@@ -34,6 +34,7 @@ module.exports = function (middleware) {
 		const loginAsync = util.promisify(req.login).bind(req);
 
 		if (req.loggedIn) {
+			// If authenticated via cookie (express-session), protect routes with CSRF checking
 			if (res.locals.isAPI) {
 				await middleware.applyCSRFasync(req, res);
 			}