From ad7b8a9ac899f7515f97a2f4e33fc8b7929e3af4 Mon Sep 17 00:00:00 2001
From: jeremystretch
Date: Thu, 9 Sep 2021 09:06:45 -0400
Subject: [PATCH] Fixes #7226: Exempt GraphQL API requests from CSRF inspection
---
 docs/release-notes/version-3.0.md | 8 ++++++++
 netbox/netbox/urls.py | 3 ++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/docs/release-notes/version-3.0.md b/docs/release-notes/version-3.0.md
index 379a6877e..a60c5b0f6 100644
--- a/docs/release-notes/version-3.0.md
+++ b/docs/release-notes/version-3.0.md
@@ -1,5 +1,13 @@
 # NetBox v3.0
 
+## v3.0.3 (FUTURE)
+
+### Bug Fixes
+
+* [#7226](https://github.com/netbox-community/netbox/issues/7226) - Exempt GraphQL API requests from CSRF inspection
+
+---
+
 ## v3.0.2 (2021-09-08)
 
 ### Bug Fixes
diff --git a/netbox/netbox/urls.py b/netbox/netbox/urls.py
index 06e1eee06..53e20351c 100644
--- a/netbox/netbox/urls.py
+++ b/netbox/netbox/urls.py
@@ -1,6 +1,7 @@
 from django.conf import settings
 from django.conf.urls import include
 from django.urls import path, re_path
+from django.views.decorators.csrf import csrf_exempt
 from django.views.static import serve
 from drf_yasg import openapi
 from drf_yasg.views import get_schema_view
@@ -63,7 +64,7 @@ _patterns = [
 re_path(r'^api/swagger(?P.json|.yaml)$', schema_view.without_ui(), name='schema_swagger'),
 
 # GraphQL
- path('graphql/', GraphQLView.as_view(graphiql=True, schema=schema), name='graphql'),
+ path('graphql/', csrf_exempt(GraphQLView.as_view(graphiql=True, schema=schema)), name='graphql'),
 
 # Serving static media in Django to pipe it through LoginRequiredMiddleware
 path('media/', serve, {'document_root': settings.MEDIA_ROOT}),
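Review bot: The `csrf_exempt(...)` wrapper on the `graphql/` route drops the CSRF check for every caller, including browsers that authenticate with the session cookie (the same route serves GraphiQL via `graphiql=True`), and the hunk leaves no record of why that is acceptable. If the exemption is meant for token-authenticated API clients, it would be tighter to skip the check only when the request carries an API token and keep it for session-authenticated requests; that logic would live in `GraphQLView`, which is not visible here. At minimum I would add a comment above the route such as `# CSRF-exempt for API clients; relies on the schema being query-only (no mutations)`, assuming that holds for `schema`, so that adding mutations later prompts a re-check of this line. A test that posts to `graphql/` without a CSRF token would pin the intended behaviour. The `_patterns` list starts and ends outside the hunk.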