From 724bd484945f6cb8b8ccff4dc26983a48277f75a Mon Sep 17 00:00:00 2001
From: Holger Just <h.just@finn.de>
Date: Mon, 5 Mar 2012 12:50:44 +0100
Subject: [PATCH] Remove unused code

Since Rails 2.3.11, protect_from_forgery exclusively calls
handle_unverified_request which defaults to resetting the session. The old
code to handle an invalid CSRF token is not used anymore and is thus
removed to un-confuse people.
---
 app/controllers/application_controller.rb | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c5200d58..de47f042 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -64,7 +64,6 @@ class ApplicationController < ActionController::Base
   before_filter :user_setup, :check_if_login_required, :set_localization
   filter_parameter_logging :password
 
-  rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
   # FIXME: This doesn't work with Rails >= 3.0 anymore
   # Possible workaround: https://github.com/rails/rails/issues/671#issuecomment-1780159
   rescue_from ActionController::RoutingError, :with => proc{render_404}
@@ -336,13 +335,6 @@ class ApplicationController < ActionController::Base
     request.xhr? ? false : 'base'
   end
 
-  def invalid_authenticity_token
-    if api_request?
-      logger.error "Form authenticity token is missing or is invalid. API calls must include a proper Content-type header (text/xml or text/json)."
-    end
-    render_error "Invalid form authenticity token."
-  end
-
   def render_feed(items, options={})
     @items = items || []
     @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }