Remove obsolete /api/frame and /api/noframe endpoints.

These endpoints don't appear to have been used since reddit/reddit@a07c576d1a and I have verified via haproxy logs that they are not ever being called. This fixes two XSRF vulnerabilities reported by Jordan Milne (/u/largenocream).
2026-04-27 03:00:12 -04:00 · 2014-02-06 21:41:11 -08:00
parent 1cbc59a1c5
commit 94d69f59ab
1 changed files with 0 additions and 20 deletions
--- a/r2/r2/controllers/api.py
+++ b/r2/r2/controllers/api.py
@@ -2777,26 +2777,6 @@ class ApiController(RedditController, OAuth2ResourceController):

        form.set_html(".status", _("password updated"))

-
-
-    @noresponse(VUser())
-    def POST_noframe(self):
-        """
-        removes the reddit toolbar if that currently the user's preference
-        """
-        c.user.pref_frame = False
-        c.user._commit()
-
-
-    @noresponse(VUser())
-    def POST_frame(self):
-        """
-        undoes POST_noframe
-        """
-        c.user.pref_frame = True
-        c.user._commit()
-
-
    @require_oauth2_scope("subscribe")
    @noresponse(VUser(),
                VModhash(),