From 0f18b5de5c59f69d53ebf81dbac9f9249a34d4c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?=
 <valberg@orn.li>
Date: Mon, 11 Mar 2019 21:27:33 +0100
Subject: [PATCH] csrf_exempt the api.

---
 src/bornhack/urls.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/bornhack/urls.py b/src/bornhack/urls.py
index a10b7ab7..a864eef7 100644
--- a/src/bornhack/urls.py
+++ b/src/bornhack/urls.py
@@ -1,6 +1,7 @@
 from django.urls import include, path
 from django.contrib import admin
 from django.conf import settings
+from django.views.decorators.csrf import csrf_exempt
 
 from allauth.account.views import (
     LoginView,
@@ -66,7 +67,9 @@ urlpatterns = [
     ),
     path('accounts/', include('allauth.urls')),
     path('admin/', admin.site.urls),
-    path('api/', GraphQLView.as_view(graphiql=True)),
+
+    # We don't need CSRF checks for the API
+    path('api/', csrf_exempt(GraphQLView.as_view(graphiql=True))),
 
     path(
         'camps/',