diff --git a/src/Vervis/Foundation.hs b/src/Vervis/Foundation.hs
index 85063a6..9ad8075 100644
--- a/src/Vervis/Foundation.hs
+++ b/src/Vervis/Foundation.hs
@@ -109,10 +109,21 @@ instance Yesod App where
 -- a) Sets a cookie with a CSRF token in it.
 -- b) Validates that incoming write requests include that token in either a header or POST parameter.
 -- For details, see the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package.
- yesodMiddleware =
- defaultCsrfMiddleware .
+ yesodMiddleware
 -- sslOnlyMiddleware 120 .
- defaultYesodMiddleware
+ = defaultCsrfSetCookieMiddleware
+ . (\ handler ->
+ csrfCheckMiddleware
+ handler
+ (getCurrentRoute >>= \ mr -> case mr of
+ Nothing -> return False
+ Just (GitUploadRequestR _ _) -> return False
+ Just r -> isWriteRequest r
+ )
+ defaultCsrfHeaderName
+ defaultCsrfParamName
+ )
+ . defaultYesodMiddleware
 defaultLayout widget = do
 master <- getYesod
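Review bot: The `Just (GitUploadRequestR _ _) -> return False` branch switches CSRF validation off for that route without saying why that is safe, and the comment above it still states that all incoming write requests are validated. Judging by the route name, this is presumably the git smart-HTTP upload-pack endpoint, which git clients POST to without being able to send the token; that should be confirmed against the handler. The exemption is only sound while that handler changes no server state and does not act on the browser session cookie. I would record that next to the branch, e.g. `-- CSRF-exempt: git clients cannot send the token; this handler must stay read-only and must not rely on cookie auth`, and add a line to the a)/b) comment noting the exception. The pattern also returns False for every HTTP method on that route, so any state-changing handler later attached to it would be exempt as well.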