Comment 36 for bug 560246

The tests would show that Launchpad remained invulnerable to cross-site request forgery attacks. Your patch removes our protection against such attacks, so it's not an acceptable approach.