diff --git a/backend/server/adventures/middleware.py b/backend/server/adventures/middleware.py
index 10050b0..5897e19 100644
--- a/backend/server/adventures/middleware.py
+++ b/backend/server/adventures/middleware.py
@@ -29,4 +29,19 @@ class XSessionTokenMiddleware(MiddlewareMixin):
 class DisableCSRFForSessionTokenMiddleware(MiddlewareMixin):
     def process_request(self, request):
         if 'X-Session-Token' in request.headers:
-            setattr(request, '_dont_enforce_csrf_checks', True)
\ No newline at end of file
+            setattr(request, '_dont_enforce_csrf_checks', True)
+
+class DisableCSRFForMobileLoginSignup(MiddlewareMixin):
+    def process_request(self, request):
+        is_mobile = request.headers.get('X-Is-Mobile', '').lower() == 'true'
+        is_login_or_signup = request.path in ['/auth/browser/v1/auth/login', '/auth/browser/v1/auth/signup']
+        print(f"Request path: {request.path}")
+        print(f"Is mobile: {is_mobile}")
+        print(f"Is login/signup: {is_login_or_signup}")
+        print(f"Request headers: {request.headers}")
+
+        if is_mobile and is_login_or_signup:
+            print("✅ Disabling CSRF for mobile login/signup")
+            setattr(request, '_dont_enforce_csrf_checks', True)
+        else:
+            print("🔒 CSRF not disabled for this request")
\ No newline at end of file
diff --git a/backend/server/main/settings.py b/backend/server/main/settings.py
index 406e37a..e5d24f8 100644
--- a/backend/server/main/settings.py
+++ b/backend/server/main/settings.py
@@ -71,6 +71,7 @@ MIDDLEWARE = (
     'whitenoise.middleware.WhiteNoiseMiddleware',
     'adventures.middleware.XSessionTokenMiddleware',
     'adventures.middleware.DisableCSRFForSessionTokenMiddleware',
+    'adventures.middleware.DisableCSRFForMobileLoginSignup',
     'corsheaders.middleware.CorsMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
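Review bot: `print(f"Request headers: {request.headers}")` in the new `DisableCSRFForMobileLoginSignup.process_request` runs for every request, not only the matched ones, and writes every incoming header — including `Cookie`, `Authorization` and the `X-Session-Token` that the sibling middleware keys on — to stdout, so the process log becomes a store of live credentials. Drop the six `print` calls, or replace them with a module-level `logger.debug("path=%s mobile=%s login_or_signup=%s", request.path, is_mobile, is_login_or_signup)` that never emits header values. Separately, the bypass is keyed on the client-supplied `X-Is-Mobile` header, so CSRF enforcement on the login and signup endpoints becomes opt-out for any caller that can set a custom header; whether a cross-site page can do so depends on the CORS configuration, which is not in this diff, so a class docstring should state that assumption explicitly. The settings hunk places the new entry ahead of `SessionMiddleware`, but `_dont_enforce_csrf_checks` only has effect if it is set before `django.middleware.csrf.CsrfViewMiddleware` runs, and that entry is outside the hunk. As a point of style, `setattr(request, '_dont_enforce_csrf_checks', True)` reads more plainly as `request._dont_enforce_csrf_checks = True`, which is how Django documents the attribute.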