diff --git a/activitypub.py b/activitypub.py
index c6a6cde..4081b41 100644
--- a/activitypub.py
+++ b/activitypub.py
@@ -11,7 +11,7 @@ from granary import as1, as2
 from httpsig import HeaderVerifier
 from httpsig.requests_auth import HTTPSignatureAuth
 from httpsig.utils import parse_signature_header
-from oauth_dropins.webutil import flask_util, util
+from oauth_dropins.webutil import appengine_info, flask_util, util
 from oauth_dropins.webutil.util import fragmentless, json_dumps, json_loads
 import requests
 from werkzeug.exceptions import BadGateway
@@ -267,6 +267,9 @@ class ActivityPub(User, Protocol):
 headers = dict(request.headers) # copy so we can modify below
 sig = headers.get('Signature')
 if not sig:
+ if appengine_info.DEBUG:
+ logging.info('No HTTP Signature, allowing due to DEBUG=true')
+ return
 error('No HTTP Signature', status=401)
 logger.info('Verifying HTTP Signature')
diff --git a/tests/test_activitypub.py b/tests/test_activitypub.py
index 8cc17a6..2b46dd7 100644
--- a/tests/test_activitypub.py
+++ b/tests/test_activitypub.py
@@ -1017,6 +1017,7 @@ class ActivityPubTest(TestCase):
 @patch('activitypub.logger.info', side_effect=logging.info)
 @patch('common.logger.info', side_effect=logging.info)
+ @patch('oauth_dropins.webutil.appengine_info.DEBUG', False)
 def test_inbox_verify_http_signature(self, mock_common_log, mock_activitypub_log, _, mock_get, ___):
 # actor with a public key
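Review bot: In the second hunk of activitypub.py, the new `if appengine_info.DEBUG:` branch under `if not sig:` returns before any verification, so every unsigned request reaching this check is accepted whenever that flag is true; signature enforcement now fails open on a setting whose derivation is not visible in this diff. It is worth confirming that DEBUG can never be true on a deployed instance, or gating the bypass on a dedicated, explicitly named opt-in rather than a general debug flag. The added call uses the root `logging.info` while the surrounding code uses the module `logger`; `logger.warning('No HTTP Signature, allowing due to DEBUG=true')` would be consistent and would make skipped verification stand out in logs. The test hunk only pins DEBUG to `False`, so the bypass path itself has no visible test stating when it is allowed. The enclosing method starts and ends outside the hunk.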