From d3f4d0d42f62c90e478c8e3da995facf96a7a5e1 Mon Sep 17 00:00:00 2001
From: phette23 <phette23@gmail.com>
Date: Fri, 9 Feb 2024 12:35:00 -0800
Subject: [PATCH] fix: disable CSRF on REST API requests

work around for bug in invenio-rest
---
 invenio.cfg | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/invenio.cfg b/invenio.cfg
index 7161b1b..1dbd2e5 100644
--- a/invenio.cfg
+++ b/invenio.cfg
@@ -136,6 +136,8 @@ RDM_RECORDS_PERSONORG_SCHEMES.update(
 SITE_UI_URL = "https://127.0.0.1"
 
 SITE_API_URL = "https://127.0.0.1/api"
+# TODO insecure but needed due to https://github.com/inveniosoftware/invenio-rest/issues/132
+REST_CSRF_ENABLED = False
 
 APP_RDM_DEPOSIT_FORM_DEFAULTS = {
     "publication_date": lambda: datetime.now().strftime("%Y-%m-%d"),