diff --git a/backend/middleware/csrf.go b/backend/middleware/csrf.go
index 4182edb7f..08571c152 100644
--- a/backend/middleware/csrf.go
+++ b/backend/middleware/csrf.go
@@ -12,6 +12,7 @@ import (
 func CSRF() gin.HandlerFunc {
 	csrfMd := csrf.Protect(
 		[]byte(global.CONF.Csrf.Key),
+		csrf.Path("/api"),
 		csrf.ErrorHandler(http.HandlerFunc(
 			func(w http.ResponseWriter, r *http.Request) {
 				w.WriteHeader(http.StatusForbidden)