From dd05ad04fa4ef6489c280c439e4f77ba62281bef Mon Sep 17 00:00:00 2001
From: Nick Sweeting <github@sweeting.me>
Date: Mon, 2 Sep 2024 01:13:19 -0700
Subject: [PATCH] disable cookie auth in API because csrf=False

---
 archivebox/api/auth.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/archivebox/api/auth.py b/archivebox/api/auth.py
index 1af564e2..7d88b928 100644
--- a/archivebox/api/auth.py
+++ b/archivebox/api/auth.py
@@ -105,6 +105,6 @@ API_AUTH_METHODS = [
     HeaderTokenAuth(),
     BearerTokenAuth(),
     QueryParamTokenAuth(), 
-    django_auth_superuser,
+    # django_auth_superuser,       # django admin cookie auth, not secure to use with csrf=False
     UsernameAndPasswordAuth(),
 ]