diff --git a/src/server/middleware/csrf/csrf.go b/src/server/middleware/csrf/csrf.go
index b96bf5f5e09e..dbbdc17f93ed 100644
--- a/src/server/middleware/csrf/csrf.go
+++ b/src/server/middleware/csrf/csrf.go
@@ -75,6 +75,7 @@ func csrfSkipper(req *http.Request) bool {
 	if (strings.HasPrefix(path, "/v2/") ||
 		strings.HasPrefix(path, "/api/") ||
 		strings.HasPrefix(path, "/chartrepo/") ||
+		strings.HasPrefix(path, "/c/oidc/onboard") ||
 		strings.HasPrefix(path, "/service/")) && !lib.GetCarrySession(req.Context()) {
 		return true
 	}