diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index 734b2cc169d..e78be13b326 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -1,6 +1,5 @@
 class SessionController < ApplicationController
-
- # we need to allow account login with bad CSRF tokens, if people are caching, the CSRF token on the
+ # we need to allow account login with bad CSRF tokens, if people are caching, the CSRF token on the
 # page is going to be empty, this means that server will see an invalid CSRF and blow the session
 # once that happens you can't log in with social
 skip_before_filter :verify_authenticity_token, only: [:create]
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 673a5e6c8e0..8cd21596379 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -11,7 +11,7 @@ class UsersController < ApplicationController
 # we need to allow account creation with bad CSRF tokens, if people are caching, the CSRF token on the
 # page is going to be empty, this means that server will see an invalid CSRF and blow the session
 # once that happens you can't log in with social
- skip_before_filter :verify_authenticity_token, only: [:create]
+ skip_before_filter :verify_authenticity_token, only: [:create, :check_username]
 def show
 @user = fetch_user_from_params
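Review bot: In the users_controller.rb hunk, the comment above `skip_before_filter` still justifies the CSRF exemption only for account creation, yet the new line also exempts `check_username` without saying why that is safe. Every action on this list accepts cross-site requests with no authenticity token, so the reason and the constraint belong next to it, for example `# check_username is also exempt: it only reports username availability and must stay free of side effects`. The body of `check_username` is outside this hunk, so whether it really changes no state is an assumption to confirm before merging. If the route is GET-only, Rails does not verify the token on GET requests and the exemption may be unnecessary; the class body continues past the hunk.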