From 20259a3dc80e95540978bcdb0eaef8d8a8b73158 Mon Sep 17 00:00:00 2001
From: Richard Steinmetz <richard@steinmetz.cloud>
Date: Tue, 17 Jun 2025 21:41:09 +0200
Subject: [PATCH] fix: generate csrf tokens if two factor challenge is ongoing

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
---
 core/Controller/CSRFTokenController.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/core/Controller/CSRFTokenController.php b/core/Controller/CSRFTokenController.php
index 13ea0011146..8120700ede4 100644
--- a/core/Controller/CSRFTokenController.php
+++ b/core/Controller/CSRFTokenController.php
@@ -49,6 +49,7 @@ class CSRFTokenController extends Controller {
 	 * @NoAdminRequired
 	 * @NoCSRFRequired
 	 * @PublicPage
+	 * @NoTwoFactorRequired
 	 */
 	#[FrontpageRoute(verb: 'GET', url: '/csrftoken')]
 	public function index(): JSONResponse {