From a32c3e7dd178d26ae8cbb8b3066654e206615cce Mon Sep 17 00:00:00 2001
From: Kartik Ohri <kartikohri13@gmail.com>
Date: Sat, 14 Aug 2021 17:33:19 +0530
Subject: [PATCH] Exempt legacy api from CSRF protection

---
 webserver/__init__.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/webserver/__init__.py b/webserver/__init__.py
index 906cee76..cfce36f0 100644
--- a/webserver/__init__.py
+++ b/webserver/__init__.py
@@ -207,16 +207,18 @@ def register_api(app):
         app.register_blueprint(bp_dataset_eval, url_prefix=v1_prefix + '/datasets/evaluation')
         app.register_blueprint(bp_similarity, url_prefix=v1_prefix + '/similarity')
 
+        from webserver.views.api.legacy import api_legacy_bp
+        app.register_blueprint(api_legacy_bp)
+
         # During readthedocs creation we don't have the csrf extension,
         # so only exclude these endpoints if it's enabled
         if 'csrf' in app.extensions:
+            app.extensions['csrf'].exempt(api_legacy_bp)
             app.extensions['csrf'].exempt(bp_core)
             app.extensions['csrf'].exempt(bp_datasets)
             app.extensions['csrf'].exempt(bp_dataset_eval)
             app.extensions['csrf'].exempt(bp_similarity)
 
-        from webserver.views.api.legacy import api_legacy_bp
-        app.register_blueprint(api_legacy_bp)
 
     register_ui(app)
     register_api(app)