From ce5ffbd6871a7bd1f400dd7bf5d37872d497b927 Mon Sep 17 00:00:00 2001
From: James Mills <prologic@shortcircuit.net.au>
Date: Tue, 22 Mar 2022 10:05:00 +1000
Subject: [PATCH] Excempt /inbox/* from CSRF

---
 internal/server.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/internal/server.go b/internal/server.go
index 5bb9745..380b60b 100644
--- a/internal/server.go
+++ b/internal/server.go
@@ -238,6 +238,7 @@ func NewServer(bind string, options ...Option) (*Server, error) {
 
 	csrfHandler := nosurf.New(router)
 	csrfHandler.ExemptGlob("/api/v1/*")
+	csrfHandler.ExemptGlob("/inbox/*")
 
 	app.Route("/", &components.Hello{})
 	server := &Server{