From 9ddfdfff9366793516bc09289a1da6156dfd12ca Mon Sep 17 00:00:00 2001
From: Gareth Rees <gareth@mysociety.org>
Date: Thu, 2 Oct 2014 10:17:07 +0100
Subject: Add global protect_from_forgery
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Grepping the git logs didn’t bring up a good reason for this to be
excluded. Seems like it came along after the app was initially created
so it never got fully added for fear of regressions. The specs pass for this
commit.
---
 app/controllers/user_controller.rb | 7 -------
 1 file changed, 7 deletions(-)

(limited to 'app/controllers/user_controller.rb')

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index baeaab18a..108a6e9e5 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -7,15 +7,8 @@
 require 'set'
 
 class UserController < ApplicationController
-
     layout :select_layout
 
-    protect_from_forgery :only => [ :contact,
-                                    :set_profile_photo,
-                                    :signchangeemail,
-                                    :clear_profile_photo,
-                                    :set_profile_about_me ] # See ActionController::RequestForgeryProtection for details
-
     # Show page about a user
     def show
         long_cache
-- 
cgit v1.2.3