From e95186e1fd82567159a460df5cd09950baadff72 Mon Sep 17 00:00:00 2001
From: Jonny Barnes <jonny@jonnybarnes.uk>
Date: Sat, 23 Mar 2024 14:18:02 +0000
Subject: [PATCH] Exclude certain routes from csrf protection

---
 bootstrap/app.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/bootstrap/app.php b/bootstrap/app.php
index 860af52f..4311ceb9 100644
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -12,6 +12,13 @@ return Application::configure(basePath: dirname(__DIR__))
         health: '/up',
     )
     ->withMiddleware(function (Middleware $middleware) {
+        $middleware->validateCsrfTokens(except: [
+            'api/token',
+            'api/post',
+            'api/media',
+            'micropub/places',
+            'webmention',
+        ]);
         $middleware->append(CSPHeader::class);
     })
     ->withExceptions(function (Exceptions $exceptions) {