From b2bc8c389a4ea8aece57e8eb0ac07efff65d67e1 Mon Sep 17 00:00:00 2001
From: Richard Steinmetz <richard@steinmetz.cloud>
Date: Tue, 17 Jun 2025 21:41:09 +0200
Subject: [PATCH] fix: generate csrf tokens if two factor challenge is ongoing

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
---
 core/Controller/CSRFTokenController.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/core/Controller/CSRFTokenController.php b/core/Controller/CSRFTokenController.php
index c3d1a7f842b..4aa0d7fbb06 100644
--- a/core/Controller/CSRFTokenController.php
+++ b/core/Controller/CSRFTokenController.php
@@ -33,6 +33,8 @@ class CSRFTokenController extends Controller {
 	 *
 	 * 200: CSRF token returned
 	 * 403: Strict cookie check failed
+	 *
+	 * @NoTwoFactorRequired
 	 */
 	#[PublicPage]
 	#[NoCSRFRequired]