diff --git a/changelogs/unreleased/remove_old_csrf_generation_monkey_patch.yml b/changelogs/unreleased/remove_old_csrf_generation_monkey_patch.yml
new file mode 100644
index 0000000000000000000000000000000000000000..3a751b5bf4c35acd3f9263824030edebc400cb2d
--- /dev/null
+++ b/changelogs/unreleased/remove_old_csrf_generation_monkey_patch.yml
@@ -0,0 +1,5 @@
+---
+title: Removes monkey patch to generate 6.0.3 style token
+merge_request: 35104
+author:
+type: other
diff --git a/config/initializers/actionpack_generate_old_csrf_token.rb b/config/initializers/actionpack_generate_old_csrf_token.rb
deleted file mode 100644
index 6367a1d4d59c5774fe0f5fd2c4d81ba9bd442586..0000000000000000000000000000000000000000
--- a/config/initializers/actionpack_generate_old_csrf_token.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-module Gitlab
- module RequestForgeryProtectionPatch
- private
-
- # Patch to generate 6.0.3 tokens so that we do not have CSRF errors while
- # rolling out 6.0.3.1. This enables GitLab to have a mix of 6.0.3 and
- # 6.0.3.1 Rails servers
- #
- # 1. Deploy this patch with :global_csrf_token FF disabled.
- # 2. Once all Rails servers are on 6.0.3.1, enable :global_csrf_token FF.
- # 3. On GitLab 13.2, remove this patch
- def masked_authenticity_token(session, form_options: {})
- action, method = form_options.values_at(:action, :method)
-
- raw_token = if per_form_csrf_tokens && action && method
- action_path = normalize_action_path(action)
- per_form_csrf_token(session, action_path, method)
- else
- if Feature.enabled?(:global_csrf_token)
- global_csrf_token(session)
- else
- real_csrf_token(session)
- end
- end
-
- mask_token(raw_token)
- end
- end
-end
-
-ActionController::Base.include Gitlab::RequestForgeryProtectionPatch
diff --git a/spec/initializers/actionpack_generate_old_csrf_token_spec.rb b/spec/initializers/actionpack_generate_old_csrf_token_spec.rb
deleted file mode 100644
index 036f52398bb579a9e4189c34a9482c33d96397e0..0000000000000000000000000000000000000000
--- a/spec/initializers/actionpack_generate_old_csrf_token_spec.rb
+++ /dev/null
@@ -1,47 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-describe ActionController::Base, 'CSRF token generation patch', type: :controller do # rubocop:disable RSpec/FilePath
- let(:fixed_seed) { SecureRandom.random_bytes(described_class::AUTHENTICITY_TOKEN_LENGTH) }
-
- context 'global_csrf_token feature flag is enabled' do
- it 'generates 6.0.3.1 style CSRF token', :aggregate_failures do
- generated_token = controller.send(:form_authenticity_token)
-
- expect(valid_authenticity_token?(generated_token)).to be_truthy
- expect(compare_with_real_token(generated_token)).to be_falsey
- expect(compare_with_global_token(generated_token)).to be_truthy
- end
- end
-
- context 'global_csrf_token feature flag is disabled' do
- before do
- stub_feature_flags(global_csrf_token: false)
- end
-
- it 'generates 6.0.3 style CSRF token', :aggregate_failures do
- generated_token = controller.send(:form_authenticity_token)
-
- expect(valid_authenticity_token?(generated_token)).to be_truthy
- expect(compare_with_real_token(generated_token)).to be_truthy
- expect(compare_with_global_token(generated_token)).to be_falsey
- end
- end
-
- def compare_with_global_token(token)
- unmasked_token = controller.send :unmask_token, Base64.strict_decode64(token)
-
- controller.send(:compare_with_global_token, unmasked_token, session)
- end
-
- def compare_with_real_token(token)
- unmasked_token = controller.send :unmask_token, Base64.strict_decode64(token)
-
- controller.send(:compare_with_real_token, unmasked_token, session)
- end
-
- def valid_authenticity_token?(token)
- controller.send(:valid_authenticity_token?, session, token)
- end
-end