60b6746994
This needs to be done before we can expose any webservices that change state, or return private info to ajax (to prevent CSRF). Currently there are no webservices exposed to ajax that meet these criteria - so this issue is to prevent future security issues.