diff --git a/zerver/views/webhooks/github_dispatcher.py b/zerver/views/webhooks/github_dispatcher.py index 27c450be30..420bf10c1e 100644 --- a/zerver/views/webhooks/github_dispatcher.py +++ b/zerver/views/webhooks/github_dispatcher.py @@ -1,9 +1,12 @@ from __future__ import absolute_import from django.http import HttpRequest, HttpResponse +from django.views.decorators.csrf import csrf_exempt from .github_webhook import api_github_webhook from .github import api_github_landing - +# Since this dispatcher is an API-style endpoint, it needs to be +# explicitly marked as CSRF-exempt +@csrf_exempt def api_github_webhook_dispatch(request): # type: (HttpRequest) -> HttpResponse if request.META.get('HTTP_X_GITHUB_EVENT'):