Merge pull request #1303 from rommapp/romm-1218

[ROMM-1218] Exempt the right path from CSRF protection for tokens
rommapp · Nov 17, 2024 · 8f9eb01 · 8f9eb01
2 parents 4ecbac7 + f5941ec
commit 8f9eb01
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/backend/main.py b/backend/main.py
@@ -70,7 +70,7 @@ async def lifespan(app: FastAPI) -> AsyncGenerator[None, None]:
         CustomCSRFMiddleware,
         cookie_name="romm_csrftoken",
         secret=ROMM_AUTH_SECRET_KEY,
-        exempt_urls=[re.compile(r"^/token.*"), re.compile(r"^/ws")],
+        exempt_urls=[re.compile(r"^/api/token.*"), re.compile(r"^/ws")],
     )
 
 # Handles both basic and oauth authentication