earlier version of Rails and is no longer required.
A recent change in Rails (3.0.4 I think) added code to reset the session if the CSRF request forgery check failed. This was happening on the OpenID callback, so the pending comment was being lost, with the result of a blank comment trying to be saved. This commit disables CSRF check only for OpenID callbacks, I don't think it makes sense in this context. Fixes #37.
…s OpenID identities.
… and post show.
… control headers on them.