diff --git a/api/config/settings/common.py b/api/config/settings/common.py
index a83112b4a..a9258f6a8 100644
--- a/api/config/settings/common.py
+++ b/api/config/settings/common.py
@@ -1173,7 +1173,7 @@ Examples:
 - ``^api/mycustompath/``
 """
-CSRF_USE_SESSIONS = True
+CSRF_USE_SESSIONS = False
 SESSION_ENGINE = "django.contrib.sessions.backends.cache"
 ACCOUNT_USERNAME_BLACKLIST = [
diff --git a/api/funkwhale_api/instance/views.py b/api/funkwhale_api/instance/views.py
index bad2a41af..2a3e7010d 100644
--- a/api/funkwhale_api/instance/views.py
+++ b/api/funkwhale_api/instance/views.py
@@ -4,6 +4,8 @@ import logging
 from cache_memoize import cache_memoize
 from django.conf import settings
 from django.urls import reverse
+from django.utils.decorators import method_decorator
+from django.views.decorators.csrf import ensure_csrf_cookie
 from drf_spectacular.utils import extend_schema
 from dynamic_preferences.api import viewsets as preferences_viewsets
 from dynamic_preferences.api.serializers import GlobalPreferenceSerializer
@@ -55,6 +57,7 @@ class InstanceSettings(generics.GenericAPIView):
 return Response(data, status=200)
+@method_decorator(ensure_csrf_cookie, name="dispatch")
 class NodeInfo(views.APIView):
 permission_classes = []
 authentication_classes = []
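Review bot: The flip to `CSRF_USE_SESSIONS = False` in common.py lands without a comment or any companion cookie settings in this hunk, although it moves the CSRF secret out of the server-side session and into the `csrftoken` cookie. From this point `CSRF_COOKIE_SECURE`, `CSRF_COOKIE_SAMESITE` and `CSRF_COOKIE_DOMAIN` decide how well that cookie is protected against being overwritten from a sibling subdomain or a plaintext connection. None of them is visible here, so it is worth checking that they are set consistently with the session cookie options elsewhere in the file. I would add a line above the setting such as `# Token is stored in the csrftoken cookie (issued by NodeInfo via ensure_csrf_cookie); keep CSRF_COOKIE_SECURE aligned with SESSION_COOKIE_SECURE.` so the dependency on the views.py change is recorded next to the value.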
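Review bot: Decorating `NodeInfo.dispatch` with `ensure_csrf_cookie` makes every response from this unauthenticated endpoint carry `Set-Cookie: csrftoken=…` and `Vary: Cookie`, and nothing in the hunk says why this view was chosen to issue the token. If a reverse proxy or CDN caches the nodeinfo response, which cannot be determined from this page, a cached `Set-Cookie` would hand the same token to different visitors, so the endpoint should be excluded from shared caching or the cookie header stripped there. A short comment above the decorator would help, for example `# Issue the csrftoken cookie on this public call so the web client has one before login; responses must not be shared-cached.`, assuming that is the intent. The class body continues past the end of the hunk, so any caching applied inside its handler methods is not visible here.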