From 45583f30fe9ae5b355ae985bdfaed792bf2d4b9d Mon Sep 17 00:00:00 2001
From: Anand Doshi <anand@erpnext.com>
Date: Thu, 24 Sep 2015 17:23:35 +0530
Subject: [PATCH] [hotfix] disable csrf check for mobile

---
 frappe/auth.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frappe/auth.py b/frappe/auth.py
index 39cf78c306..72fdadd9a9 100644
--- a/frappe/auth.py
+++ b/frappe/auth.py
@@ -57,7 +57,7 @@ class HTTPRequest:
 
 	def validate_csrf_token(self):
 		if frappe.local.request and frappe.local.request.method=="POST":
-			if not frappe.local.session.data.csrf_token:
+			if not frappe.local.session.data.csrf_token or frappe.local.session.data.device=="mobile":
 				# not via boot
 				return