diff --git a/app/controllers/gene_sequence_assets_controller.rb b/app/controllers/gene_sequence_assets_controller.rb
index 69526e9a6..aaa86bd5f 100644
--- a/app/controllers/gene_sequence_assets_controller.rb
+++ b/app/controllers/gene_sequence_assets_controller.rb
@@ -3,8 +3,6 @@
 class GeneSequenceAssetsController < ApplicationController
   include ActiveStorage::SetCurrent
 
-  skip_before_action :verify_authenticity_token
-
   before_action :check_open_vector_service_enabled, except: %i(new edit)
   before_action :load_vars, except: %i(new create)
   before_action :load_create_vars, only: %i(new create)
diff --git a/app/controllers/results_controller.rb b/app/controllers/results_controller.rb
index 3bc46e3d2..598949a55 100644
--- a/app/controllers/results_controller.rb
+++ b/app/controllers/results_controller.rb
@@ -3,7 +3,6 @@
 class ResultsController < ApplicationController
   include Breadcrumbs
   include TeamsHelper
-  skip_before_action :verify_authenticity_token, only: %i(create update destroy duplicate)
   before_action :load_my_module
   before_action :load_vars, only: %i(destroy elements assets upload_attachment archive restore destroy
                                      update_view_state update_asset_view_mode update duplicate)
diff --git a/app/models/asset.rb b/app/models/asset.rb
index ac52a1288..e22dbaafb 100644
--- a/app/models/asset.rb
+++ b/app/models/asset.rb
@@ -296,18 +296,10 @@ class Asset < ApplicationRecord
     action = get_action(file_ext, action)
     if !action.nil?
       action_url = action[:urlsrc]
-      if ENV['WOPI_BUSINESS_USERS'] && ENV['WOPI_BUSINESS_USERS'] == 'true'
-        action_url = action_url.gsub(/<IsLicensedUser=BUSINESS_USER&>/,
-                                     'IsLicensedUser=1&')
-        action_url = action_url.gsub(/<IsLicensedUser=BUSINESS_USER>/,
-                                     'IsLicensedUser=1')
-      else
-        action_url = action_url.gsub(/<IsLicensedUser=BUSINESS_USER&>/,
-                                     'IsLicensedUser=0&')
-        action_url = action_url.gsub(/<IsLicensedUser=BUSINESS_USER>/,
-                                     'IsLicensedUser=0')
-      end
-      action_url = action_url.gsub(/<.*?=.*?>/, '')
+
+      # Extract only the licenced user flag parameter
+      is_licenced_user = ENV['WOPI_BUSINESS_USERS'] == 'true' && action_url[:urlsrc].include?('IsLicensedUser=BUSINESS_USER')
+      action_url = action_url[:urlsrc].split('?').first + "?IsLicencedUser=#{is_licenced_user ? 1 : 0}"
 
       rest_url = Rails.application.routes.url_helpers.wopi_rest_endpoint_url(
         host: ENV['WOPI_ENDPOINT_URL'],