ProviderController always skips a before_action for CSRF but we don't even have that before_action enabled. This breaks Rails 5, which (rightly) doesn't like it when you skip a before_action that doesn't exist. Instead we have a hack in GHR where we define the before_action but have it do nothing. We can stop doing that if we remove this skip.