Still in progress of testing don't commit

I don't know much about CSRF attacks, but is adding hidden input field with csrf token value enough to protect against this attack?

CSRF is used to validate that the the page that was requested is the page that the information was sent back from.

This is used so a site cant make a post request to a website without requesting a page first.

When a ajax request is made from an external site it won't automatically do the operation (this may be change username, password, phone number, etc.). This happens because If the user is already signed in then the cookies are also sent in the request.

This is a great site describing CSRF if you want to read it
http://t.co/NjkAVofBlQ

I commented it out and forgot to remove it

@GeneralZero please let me know when it's ok to merge.

It's good to go.

Deleting your profile was missed - it's broken.

Needs this code:

@dstroot Thanks for catching it. This should be fixed now.

Thanks for that