From a794127f5f4e3b1021bde6df8d4da60e93bebd47 Mon Sep 17 00:00:00 2001
From: DrMaxNix
Date: Wed, 24 Jul 2024 16:57:27 +0200
Subject: [PATCH] :technologist: ignore csrf check when not in production
---
 api/newsletter/subscribe.php | 2 +-
 api/newsletter/unsubscribe.php | 2 +-
 api/newsletter/verify.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/api/newsletter/subscribe.php b/api/newsletter/subscribe.php
index f138ff1..1b83767 100644
--- a/api/newsletter/subscribe.php
+++ b/api/newsletter/subscribe.php
@@ -6,7 +6,7 @@
 // CHECK CSRF PROTECTION //
 $x_cookieless_csrf_protection = getallheaders()["x-cookieless-csrf-protection"] ?? null;
- if($x_cookieless_csrf_protection !== "42"){
+ if(\Flake\Env::IS_PRODUCTION and $x_cookieless_csrf_protection !== "42"){
 // show an excuse page
 Excuse::show("invalid_csrf_token");
 }
diff --git a/api/newsletter/unsubscribe.php b/api/newsletter/unsubscribe.php
index a67d1f3..42b5efd 100644
--- a/api/newsletter/unsubscribe.php
+++ b/api/newsletter/unsubscribe.php
@@ -6,7 +6,7 @@
 // CHECK CSRF PROTECTION //
 $x_cookieless_csrf_protection = getallheaders()["x-cookieless-csrf-protection"] ?? null;
- if($x_cookieless_csrf_protection !== "42"){
+ if(\Flake\Env::IS_PRODUCTION and $x_cookieless_csrf_protection !== "42"){
 // show an excuse page
 Excuse::show("invalid_csrf_token");
 }
diff --git a/api/newsletter/verify.php b/api/newsletter/verify.php
index 6bab2d0..0675a71 100644
--- a/api/newsletter/verify.php
+++ b/api/newsletter/verify.php
@@ -5,7 +5,7 @@
 // CHECK CSRF PROTECTION //
 $x_cookieless_csrf_protection = getallheaders()["x-cookieless-csrf-protection"] ?? null;
- if($x_cookieless_csrf_protection !== "42"){
+ if(\Flake\Env::IS_PRODUCTION and $x_cookieless_csrf_protection !== "42"){
 // show an excuse page
 Excuse::show("invalid_csrf_token");
 }
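Review bot: The CSRF check now fails open in all three endpoints (subscribe.php, unsubscribe.php and verify.php), because the header is enforced only when `\Flake\Env::IS_PRODUCTION` is truthy. How that constant is set is not visible here, but any deployment where it is false or misconfigured, for example a publicly reachable staging host, would accept cross-site requests to the newsletter endpoints with no protection at all. It would be safer to keep the check unconditional and have the development client send the header, or to gate the bypass on an explicit opt-out that defaults to enforcing. If the bypass stays, document it at the condition with something like `// CSRF header is deliberately not enforced outside production; never expose such a build publicly`, and prefer `&&` over `and`, whose low precedence becomes a trap once the condition grows. The same condition is copied three times, so a shared helper would keep the endpoints from drifting apart; each script continues outside its hunk.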