diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d4e58224..5dd35859 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -5,7 +5,6 @@ class ApplicationController < ActionController::Base
 include Pundit
 include PunditExtra
 rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized
- protect_from_forgery(with: :exception)
 before_action :invite_link
 before_action :prepare_exception_notifier
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 8841cea3..8a1cd760 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -5,6 +5,16 @@ class UsersController < ApplicationController
 respond_to :html, :json
+ # GET /users/current
+ def current
+ #if current_user
+ # these are just options, saying include these values, they aren't the values themselves
+ render json: current_user.to_json({follows: true, email: true, follow_settings: true, emails_allowed: true})
+ #else
+ # render json: nil
+ #end
+ end
+
 # GET /users/1.json
 def show
 @user = User.find(params[:id])
diff --git a/app/models/user.rb b/app/models/user.rb
index 033e3ff6..f87c03d3 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -70,6 +70,7 @@ class User < ApplicationRecord
 json['follow_map_on_contributed'] = settings.follow_map_on_contributed == '1'
 end
 json['email'] = email if options[:email]
+ json['emails_allowed'] = emails_allowed if options[:emails_allowed]
 json
 end
diff --git a/config/environments/development.rb b/config/environments/development.rb
index c491510f..2697d02a 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
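Review bot: Dropping `protect_from_forgery(with: :exception)` from `ApplicationController` in app/controllers/application_controller.rb leaves every controller that inherits from it dependent on whatever CSRF default the framework configuration supplies, and that configuration is not visible in this diff. If `config.action_controller.default_protect_from_forgery` is not enabled (the Rails 5.2+ defaults turn it on), cookie-authenticated POST/PATCH/DELETE actions would no longer verify the authenticity token. If the removal is meant to unblock a JSON client, keep the line and have that client send the token in the `X-CSRF-Token` header instead. If the framework default is being relied on, record that with a comment such as `# CSRF protection comes from config.action_controller.default_protect_from_forgery`. The class body continues outside the hunk.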
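Review bot: In app/controllers/users_controller.rb, `current` calls `current_user.to_json(...)` while the signed-out branch exists only as commented-out code, so what an unauthenticated caller receives is implicit (presumably JSON `null`, since nil is serialised) rather than a deliberate response. Make the branch real and delete the commented lines, e.g. `return head :unauthorized unless current_user` above the `render`, or `return render json: nil unless current_user` if clients depend on `null`. Because the body carries the user's email and follow settings, it is also worth marking the response non-cacheable with `response.headers['Cache-Control'] = 'no-store'`. No Pundit `authorize` call is made in the action; whether this controller enforces `verify_authorized` is outside the hunk, so confirm the action is either covered or explicitly skipped.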
@@ -6,6 +6,10 @@ Rails.application.configure do
 config.log_level = :info
 config.eager_load = false
+ config.action_cable.allowed_request_origins = [
+ 'http://localhost:3000'
+ ]
+
 # In the development environment your application's code is reloaded on
 # every request. This slows down response time but is perfect for development
 # since you don't have to restart the web server when you make code changes.
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 3dea4927..bbad506d 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -5,7 +5,7 @@ Rails.application.configure do
 # Settings specified here will take precedence over those in config/application.rb
 config.action_cable.allowed_request_origins = [
- 'https://metamaps.herokuapp.com', 'http://metamaps.herokuapp.com', 'https://metamaps.cc'
+ 'https://metamaps.herokuapp.com', 'https://metamaps.cc'
 ]
 # log to stdout
diff --git a/config/routes.rb b/config/routes.rb
index eba0d5e1..d0aafc6a 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -112,6 +112,9 @@ Metamaps::Application.routes.draw do
 end
 resources :users, except: %i[index destroy] do
+ collection do
+ get :current
+ end
 member do
 get :details
 end