From c26289cf42f5e6f5cf5f48daac0169eb31ad4cf3 Mon Sep 17 00:00:00 2001
From: fr33domlover <fr33domlover@riseup.net>
Date: Tue, 5 Mar 2019 09:00:22 +0000
Subject: [PATCH] Don't check CSRF token in InboxR, POSTs there freely come
 from other servers

---
 src/Vervis/Foundation.hs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Vervis/Foundation.hs b/src/Vervis/Foundation.hs
index 696d049..290b655 100644
--- a/src/Vervis/Foundation.hs
+++ b/src/Vervis/Foundation.hs
@@ -151,6 +151,7 @@ instance Yesod App where
                 handler
                 (getCurrentRoute >>= \ mr -> case mr of
                     Nothing                      -> return False
+                    Just InboxR                  -> return False
                     Just (GitUploadRequestR _ _) -> return False
                     Just r                       -> isWriteRequest r
                 )