diff --git a/api/newsletter/subscribe.php b/api/newsletter/subscribe.php index f138ff1..1b83767 100644 --- a/api/newsletter/subscribe.php +++ b/api/newsletter/subscribe.php @@ -6,7 +6,7 @@ // CHECK CSRF PROTECTION // $x_cookieless_csrf_protection = getallheaders()["x-cookieless-csrf-protection"] ?? null; - if($x_cookieless_csrf_protection !== "42"){ + if(\Flake\Env::IS_PRODUCTION and $x_cookieless_csrf_protection !== "42"){ // show an excuse page Excuse::show("invalid_csrf_token"); } diff --git a/api/newsletter/unsubscribe.php b/api/newsletter/unsubscribe.php index a67d1f3..42b5efd 100644 --- a/api/newsletter/unsubscribe.php +++ b/api/newsletter/unsubscribe.php @@ -6,7 +6,7 @@ // CHECK CSRF PROTECTION // $x_cookieless_csrf_protection = getallheaders()["x-cookieless-csrf-protection"] ?? null; - if($x_cookieless_csrf_protection !== "42"){ + if(\Flake\Env::IS_PRODUCTION and $x_cookieless_csrf_protection !== "42"){ // show an excuse page Excuse::show("invalid_csrf_token"); } diff --git a/api/newsletter/verify.php b/api/newsletter/verify.php index 6bab2d0..0675a71 100644 --- a/api/newsletter/verify.php +++ b/api/newsletter/verify.php @@ -5,7 +5,7 @@ // CHECK CSRF PROTECTION // $x_cookieless_csrf_protection = getallheaders()["x-cookieless-csrf-protection"] ?? null; - if($x_cookieless_csrf_protection !== "42"){ + if(\Flake\Env::IS_PRODUCTION and $x_cookieless_csrf_protection !== "42"){ // show an excuse page Excuse::show("invalid_csrf_token"); }
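Review bot: The CSRF header check in subscribe.php now fails open whenever `\Flake\Env::IS_PRODUCTION` is false, and the same condition is repeated in the unsubscribe.php and verify.php hunks. How that constant is set is not visible in this diff, so a staging or preview host that is publicly reachable, or a production deploy where the constant is wrong, would accept cross-site requests on all three newsletter endpoints. I would keep the check unconditional and have local tooling send the header; if a bypass is really needed, make it an explicit default-off switch and document it above the condition, e.g. `// CSRF header check is skipped outside production; such hosts must not be publicly reachable`. As a style point, `&&` is the conventional operator here, because `and` binds lower than assignment and is easy to misuse when the expression is edited later. Each script continues outside its hunk, so whether anything else guards these endpoints cannot be confirmed from here.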