From 94d69f59aba69cd3c8d47bad63a95d8c61b9d349 Mon Sep 17 00:00:00 2001
From: Neil Williams
Date: Thu, 6 Feb 2014 21:41:11 -0800
Subject: [PATCH] Remove obsolete /api/frame and /api/noframe endpoints.

These endpoints don't appear to have been used since reddit/reddit@a07c576d1a8a548d8b22516304c64152d5eb89a0 and I have verified via haproxy logs that they are not ever being called. This fixes two XSRF vulnerabilities reported by Jordan Milne (/u/largenocream).
---
 r2/r2/controllers/api.py | 20 --------------------
 1 file changed, 20 deletions(-)

diff --git a/r2/r2/controllers/api.py b/r2/r2/controllers/api.py
index 849d9bc26..344c71738 100755
--- a/r2/r2/controllers/api.py
+++ b/r2/r2/controllers/api.py
@@ -2777,26 +2777,6 @@ class ApiController(RedditController, OAuth2ResourceController):
 form.set_html(".status", _("password updated"))
-
-
- @noresponse(VUser())
- def POST_noframe(self):
- """
- removes the reddit toolbar if that currently the user's preference
- """
- c.user.pref_frame = False
- c.user._commit()
-
-
- @noresponse(VUser())
- def POST_frame(self):
- """
- undoes POST_noframe
- """
- c.user.pref_frame = True
- c.user._commit()
-
-
 @require_oauth2_scope("subscribe")
 @noresponse(VUser(), VModhash(),