diff --git a/config/application.rb b/config/application.rb
index 7594255f8..9b1c1050b 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -39,6 +39,11 @@ module Diaspora
 # Enable escaping HTML in JSON.
 config.active_support.escape_html_entities_in_json = true
 
+ # We specify CSRF protection manually in ApplicationController with
+ # protect_from_forgery - having it enabled anywhere by default breaks
+ # federation.
+ config.action_controller.default_protect_from_forgery = false
+
 # Enable the asset pipeline
 config.assets.enabled = true
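Review bot: Setting `config.action_controller.default_protect_from_forgery = false` makes CSRF protection opt-in, so any controller that does not inherit from ApplicationController (a direct `ActionController::Base` subclass, or a controller from a mounted engine) gets no forgery check unless it calls `protect_from_forgery` itself. ApplicationController is not part of this hunk, so the new comment's claim cannot be confirmed from here; it is worth verifying that it declares `protect_from_forgery` with the intended strategy and that every state-changing controller descends from it. A fail-closed alternative would be to leave the default on and exempt only the federation receive endpoints with `skip_forgery_protection` in those controllers. If the global switch stays, extend the comment so the consequence is explicit, e.g. `# Controllers outside ApplicationController get NO CSRF check; add protect_from_forgery explicitly.` The surrounding configuration block begins and ends outside the hunk.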