Controllers/api/v1/channel.php

@@ -70,7 +70,6 @@ class channel implements Interfaces\Api
         $response['channel']['briefdescription'] = $response['channel']['briefdescription'] ?: '';
         $response['channel']['city'] = $response['channel']['city'] ?: "";
         $response['channel']['gender'] = $response['channel']['gender'] ?: "";
-        $response['channel']['dob'] = $response['channel']['dob'] ?: "";
 
         if (!$user->merchant || !$supporters_count) {
             $db = new Core\Data\Call('entities_by_time');
@@ -234,7 +233,7 @@ class channel implements Interfaces\Api
 
                 $update = [];
                 foreach (['name', 'website', 'briefdescription', 'gender',
-                  'dob', 'city', 'coordinates', 'monetized'] as $field) {
+                        'city', 'coordinates', 'monetized'] as $field) {
                     if (isset($_POST[$field])) {
                         $update[$field] = $_POST[$field];
                         $owner->$field = $_POST[$field];

Core/Security/XSRF.php

@@ -17,8 +17,8 @@ class XSRF
 
     public static function validateRequest()
     {
-        if (!Core\Session::isLoggedIn() && $_SERVER['REQUEST_METHOD'] === 'GET') {
-            return true; // If logged out and GET request we can accept
+        if ($_SERVER['REQUEST_METHOD'] === 'GET') {
+            return true; // XSRF only needed for modifiers
         }
 
         if (!isset($_SERVER['HTTP_X_XSRF_TOKEN'])) {

Entities/User.php

@@ -1195,7 +1195,6 @@ class User extends \ElggUser
         return array_merge(parent::getExportableValues(), [
             'website',
             'briefdescription',
-            'dob',
             'gender',
             'city',
             'merchant',