From a3b7063e4bca4aed6f3bf49460d5073b87d55a6f Mon Sep 17 00:00:00 2001
From: Mouse Reeve <mousereeve@riseup.net>
Date: Tue, 16 Feb 2021 18:07:57 -0800
Subject: [PATCH] makes inbox csrf exempt

---
 bookwyrm/tests/test_signing.py | 2 +-
 bookwyrm/views/inbox.py        | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/bookwyrm/tests/test_signing.py b/bookwyrm/tests/test_signing.py
index 0d55893d..3ad5d233 100644
--- a/bookwyrm/tests/test_signing.py
+++ b/bookwyrm/tests/test_signing.py
@@ -76,7 +76,7 @@ class Signature(TestCase):
         digest = digest or make_digest(data)
         signature = make_signature(
             signer or sender, self.rat.inbox, now, digest)
-        with patch('bookwyrm.incoming.handle_follow.delay'):
+        with patch('bookwyrm.views.inbox.activity_task.delay'):
             with patch('bookwyrm.models.user.set_remote_server.delay'):
                 return self.send(signature, now, send_data or data, digest)
 
diff --git a/bookwyrm/views/inbox.py b/bookwyrm/views/inbox.py
index 58356e1c..b4ff2736 100644
--- a/bookwyrm/views/inbox.py
+++ b/bookwyrm/views/inbox.py
@@ -4,7 +4,9 @@ from urllib.parse import urldefrag
 
 from django.http import HttpResponse
 from django.http import HttpResponseBadRequest, HttpResponseNotFound
+from django.utils.decorators import method_decorator
 from django.views import View
+from django.views.decorators.csrf import csrf_exempt
 import requests
 
 from bookwyrm import activitypub, models
@@ -12,6 +14,7 @@ from bookwyrm.tasks import app
 from bookwyrm.signatures import Signature
 
 
+@method_decorator(csrf_exempt, name='dispatch')
 # pylint: disable=no-self-use
 class Inbox(View):
     ''' requests sent by outside servers'''
@@ -56,7 +59,7 @@ def activity_task(activity_json):
     try:
         activity = activitypub.parse(activity_json)
     except activitypub.ActivitySerializerError:
-        raise#return
+        return
 
     # cool that worked, now we should do the action described by the type
     # (create, update, delete, etc)