Add XSRF protection to oauth2decorator callback.
Also update all samples to use XSRF callback protection.
Reviewed in https://codereview.appspot.com/6473053/.
diff --git a/samples/appengine/grant.html b/samples/appengine/grant.html
index 0087325..aeb678b 100644
--- a/samples/appengine/grant.html
+++ b/samples/appengine/grant.html
@@ -8,7 +8,7 @@
application</a>.</p>
{% else %}
<p><a href="{{ url }}">Grant</a> this application permission to read your
- Buzz information and it will let you know how many followers you have.</p>
+ Google+ information and it will let you know how many followers you have.</p>
{% endif %}
<p>You can always <a
href="https://www.google.com/accounts/b/0/IssuedAuthSubTokens">revoke</a>
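Review bot: the only changed line in this hunk, the "Buzz" to "Google+" wording in the Grant paragraph, is a user-facing text rename that the commit message does not mention. The message covers only XSRF protection for the oauth2decorator callback and the samples. Either mention the rename in the message or move it to its own commit, so the security-relevant change is easier to audit on its own. Nothing in this template hunk touches the callback, so the XSRF protection itself has to be checked elsewhere in the change.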