Use omniauth-rails_csrf_protection gem

It seems like omniauth-rails is not actually the correct gem:

  omniauth/omniauth-rails#2 (comment)

Here's the relevant instructions:

  https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284

Author: dgmstuart

Gemfile

@@ -18,7 +18,7 @@ gem 'jbuilder'
 gem 'jquery-rails'
 gem 'memcachier'
 gem 'omniauth-facebook'
-gem 'omniauth-rails', git: 'https://github.com/omniauth/omniauth-rails', branch: 'CVE-2015-9284'
+gem 'omniauth-rails_csrf_protection'
 gem 'pg'
 gem 'pry-rails'
 gem 'puma'

Gemfile.lock

@@ -1,12 +1,3 @@
-GIT
-  remote: https://github.com/omniauth/omniauth-rails
-  revision: 8ef80e7da0b4b12dd403ba579b0a34dd6efebdae
-  branch: CVE-2015-9284
-  specs:
-    omniauth-rails (1.0.0)
-      omniauth (~> 1.0)
-      rails
-
 GEM
   remote: https://rubygems.org/
   specs:
@@ -193,6 +184,9 @@ GEM
     omniauth-oauth2 (1.5.0)
       oauth2 (~> 1.1)
       omniauth (~> 1.2)
+    omniauth-rails_csrf_protection (0.1.2)
+      actionpack (>= 4.2)
+      omniauth (>= 1.3.1)
     parallel (1.20.1)
     parser (3.0.1.1)
       ast (~> 2.4.1)
@@ -372,7 +366,7 @@ DEPENDENCIES
   memcachier
   oj
   omniauth-facebook
-  omniauth-rails!
+  omniauth-rails_csrf_protection
   pg
   pry-rails
   puma