Fixes #7226: Exempt GraphQL API requests from CSRF inspection

jeremystretch · jeremystretch · commit ad7b8a9ac899 · 2021-09-09T09:06:45.000-04:00
diff --git a/docs/release-notes/version-3.0.md b/docs/release-notes/version-3.0.md
@@ -1,5 +1,13 @@
 # NetBox v3.0
 
+## v3.0.3 (FUTURE)
+
+### Bug Fixes
+
+* [#7226](https://github.com/netbox-community/netbox/issues/7226) - Exempt GraphQL API requests from CSRF inspection
+
+---
+
 ## v3.0.2 (2021-09-08)
 
 ### Bug Fixes
diff --git a/netbox/netbox/urls.py b/netbox/netbox/urls.py
@@ -1,6 +1,7 @@
 from django.conf import settings
 from django.conf.urls import include
 from django.urls import path, re_path
+from django.views.decorators.csrf import csrf_exempt
 from django.views.static import serve
 from drf_yasg import openapi
 from drf_yasg.views import get_schema_view
@@ -63,7 +64,7 @@
     re_path(r'^api/swagger(?P<format>.json|.yaml)$', schema_view.without_ui(), name='schema_swagger'),
 
     # GraphQL
-    path('graphql/', GraphQLView.as_view(graphiql=True, schema=schema), name='graphql'),
+    path('graphql/', csrf_exempt(GraphQLView.as_view(graphiql=True, schema=schema)), name='graphql'),
 
     # Serving static media in Django to pipe it through LoginRequiredMiddleware
     path('media/<path:path>', serve, {'document_root': settings.MEDIA_ROOT}),
