From eb3e5e5b1784f46801e6ee23245ff6a76d0cecb7 Mon Sep 17 00:00:00 2001
From: ildyria <beviguier@gmail.com>
Date: Wed, 28 Jan 2026 17:22:16 +0100
Subject: [PATCH] Exclude random from requiring XSRF token

---
 app/Http/Middleware/VerifyCsrfToken.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/Http/Middleware/VerifyCsrfToken.php b/app/Http/Middleware/VerifyCsrfToken.php
index 83ec1171f8f..e19c39cae3c 100644
--- a/app/Http/Middleware/VerifyCsrfToken.php
+++ b/app/Http/Middleware/VerifyCsrfToken.php
@@ -26,6 +26,7 @@ class VerifyCsrfToken extends Middleware
 		'/api/Session::init',
 		'/api/v2/Zip',
 		'/api/v2/Shop/Checkout/Finalize/*',
+		'/api/v2/Photo::random',
 	];
 
 	/**