diff --git a/app/controllers/epp/sessions_controller.rb b/app/controllers/epp/sessions_controller.rb
index 021011390..df008c3e3 100644
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@@ -75,8 +75,8 @@ class Epp::SessionsController < EppController
     end
 
     if success
-      if parsed_frame.css('newPW').first
-        unless @api_user.update(password: parsed_frame.css('newPW').first.text)
+      if params[:parsed_frame].css('newPW').first
+        unless @api_user.update(password: params[:parsed_frame].css('newPW').first.text)
           response.headers['X-EPP-Returncode'] = '2500'
           handle_errors(@api_user) and return
         end
@@ -127,8 +127,4 @@ class Epp::SessionsController < EppController
     ph = params_hash['epp']['command']['login']
     { username: ph[:clID], password: ph[:pw] }
   end
-
-  def parsed_frame
-    @parsed_frame ||= Nokogiri::XML(request.params[:raw_frame]).remove_namespaces!
-  end
 end
diff --git a/app/controllers/epp_controller.rb b/app/controllers/epp_controller.rb
index 2c7c25faf..931878979 100644
--- a/app/controllers/epp_controller.rb
+++ b/app/controllers/epp_controller.rb
@@ -6,8 +6,8 @@ class EppController < ApplicationController
 
   before_action :generate_svtrid
   before_action :latin_only
-  before_action :validate_against_schema
 
+  before_action :validate_against_schema
   def validate_against_schema
     return if ['hello', 'error'].include?(params[:action])
     params[:schema] = 'epp-1.0.xsd' unless params[:schema]