Add DisableCSRFForMobileLoginSignup middleware to handle CSRF checks for mobile login/signup requests

backend/server/adventures/middleware.py

@@ -29,4 +29,19 @@ class XSessionTokenMiddleware(MiddlewareMixin):
 class DisableCSRFForSessionTokenMiddleware(MiddlewareMixin):
     def process_request(self, request):
         if 'X-Session-Token' in request.headers:
-            setattr(request, '_dont_enforce_csrf_checks', True)
+            setattr(request, '_dont_enforce_csrf_checks', True)
+
+class DisableCSRFForMobileLoginSignup(MiddlewareMixin):
+    def process_request(self, request):
+        is_mobile = request.headers.get('X-Is-Mobile', '').lower() == 'true'
+        is_login_or_signup = request.path in ['/auth/browser/v1/auth/login', '/auth/browser/v1/auth/signup']
+        print(f"Request path: {request.path}")
+        print(f"Is mobile: {is_mobile}")
+        print(f"Is login/signup: {is_login_or_signup}")
+        print(f"Request headers: {request.headers}")
+
+        if is_mobile and is_login_or_signup:
+            print("✅ Disabling CSRF for mobile login/signup")
+            setattr(request, '_dont_enforce_csrf_checks', True)
+        else:
+            print("🔒 CSRF not disabled for this request")

backend/server/main/settings.py

@@ -71,6 +71,7 @@ MIDDLEWARE = (
     'whitenoise.middleware.WhiteNoiseMiddleware',
     'adventures.middleware.XSessionTokenMiddleware',
     'adventures.middleware.DisableCSRFForSessionTokenMiddleware',
+    'adventures.middleware.DisableCSRFForMobileLoginSignup',
     'corsheaders.middleware.CorsMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',