move to strong_parameters of rails4.

app/controllers/application_controller.rb

@@ -6,8 +6,9 @@ require_dependency "login_system"
 require_dependency "tracks/source_view"
 
 class ApplicationController < ActionController::Base
-
-  protect_from_forgery
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
 
   include LoginSystem
   helper_method :current_user, :prefs, :format_date