diff --git a/bootstrap/app.php b/bootstrap/app.php
index 860af52f..4311ceb9 100644
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -12,6 +12,13 @@ return Application::configure(basePath: dirname(__DIR__))
         health: '/up',
     )
     ->withMiddleware(function (Middleware $middleware) {
+        $middleware->validateCsrfTokens(except: [
+            'api/token',
+            'api/post',
+            'api/media',
+            'micropub/places',
+            'webmention',
+        ]);
         $middleware->append(CSPHeader::class);
     })
     ->withExceptions(function (Exceptions $exceptions) {