From 6aec9538e4aaa24fd8cbc99b00d1d8a886e5fdff Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Tue, 3 Jul 2018 11:52:29 -0400
Subject: [PATCH] LG-438 Remove csrf protection on the account reset delayed
 notifications API endpoint

**Why**: The endpoint is already protected by an auth token

**How**: skip_before_action :verify_authenticity_token
---
 app/controllers/account_reset/send_notifications_controller.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/controllers/account_reset/send_notifications_controller.rb b/app/controllers/account_reset/send_notifications_controller.rb
index c921b3d73f6..5626674c33e 100644
--- a/app/controllers/account_reset/send_notifications_controller.rb
+++ b/app/controllers/account_reset/send_notifications_controller.rb
@@ -1,5 +1,6 @@
 module AccountReset
   class SendNotificationsController < ApplicationController
+    skip_before_action :verify_authenticity_token
     before_action :authorize
 
     def update