Add explicit statement that verify_authenticity_token can be turned off for actions.

2010-11-27 07:56:08 +11:00 · 2010-11-27 07:56:08 +11:00 · 167964149e
commit 167964149e
parent 6aa408e11c
1 changed files with 7 additions and 3 deletions
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@ -53,9 +53,13 @@ module ClassMethods
      #   class FooController < ApplicationController
      #     protect_from_forgery :except => :index
      #
-      #     # you can disable csrf protection on controller-by-controller basis:
-      #     skip_before_filter :verify_authenticity_token
-      #   end
+      # You can disable csrf protection on controller-by-controller basis:
+      #
+      #   skip_before_filter :verify_authenticity_token
+      #
+      # It can also be disabled for specific controller actions:
+      #
+      #   skip_before_filter :verify_authenticity_token, :except => [:create]
      #
      # Valid Options:
      #