author: Ryan Bigg <radarlistener@gmail.com> 2012-05-17 19:11:36 +1000
committer: Ryan Bigg <radarlistener@gmail.com> 2012-05-17 19:56:57 +1000
commit: 00dce8500952256965723697bb308d0aea7719fd (patch)
tree: 9c4a468ce7a8e4588c2f0a08f525466db26d0443
parent: 53aaf95855b3e9bdcc834e906042c7dc0ca446c3 (diff)
download: rails-00dce8500952256965723697bb308d0aea7719fd.tar.gz
rails-00dce8500952256965723697bb308d0aea7719fd.tar.bz2
rails-00dce8500952256965723697bb308d0aea7719fd.zip
[getting started guide] more explanation around the delete routing method:
-rw-r--r-- guides/source/getting_started.textile | 22
1 files changed, 15 insertions, 7 deletions
diff --git a/guides/source/getting_started.textile b/guides/source/getting_started.textile
index 166de11deb..6051b43bd3 100644
--- a/guides/source/getting_started.textile
+++ b/guides/source/getting_started.textile
@@ -1063,24 +1063,32 @@ called +post_url+ and +post_path+ available to our application. These are
precisely the methods that the +form_for+ needs when editing a post, and so now
you'll be able to update posts again.
+NOTE: The +:as+ option is available on the +post+, +put+, +delete+ and +match+
+routing methods also.
+
h4. Deleting Posts
We're now ready to cover the "D" part of CRUD, deleting posts from the
database. Following the REST convention, we're going to add a route for
-deleting posts:
+deleting posts to +config/routes.rb+:
<ruby>
-# config/routes.rb
-
delete "posts/:id" => "posts#destroy"
</ruby>
-We use the +delete+ method for destroying resources, which is mapped to
-the +destroy+ action, which is provided below:
+The +delete+ routing method should be used for routes that destroy
+resources. If this was left as a typical +get+ route, it could be possible for
+people to craft malicious URLs like this:
-<ruby>
-# app/controllers/posts_controller.rb
+<html>
+<a href='http://yoursite.com/posts/1/destroy'>look at this cat!</a>
+</html>
+
+We use the +delete+ method for destroying resources, and this route is mapped to
+the +destroy+ action inside +app/controllers/posts_controller.rb+, which doesn't exist yet, but is
+provided below:
+<ruby>
def destroy
@post = Post.find(params[:id])
@post.destroy
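Review bot: The example URL in the new +<html>+ block, +http://yoursite.com/posts/1/destroy+, does not match the route defined a few lines above it (+delete "posts/:id"+), so a reader cannot see which request the "malicious URL" would actually hit. If the point is what happens when the route is left as a +get+, the link should be the path that such a route would match, e.g. +<a href='http://yoursite.com/posts/1'>look at this cat!</a>+, and the sentence introducing it should say why a GET is dangerous here: a plain link or an image tag issues a GET with no form token, so any visitor who follows it destroys the post. Stating that explicitly also makes clear that the fix is the verb choice (+delete+), not the URL shape. Minor: the new paragraph "and this route is mapped to the +destroy+ action inside +app/controllers/posts_controller.rb+, which doesn't exist yet, but is provided below" reads as a run-on; splitting it after the filename ("This action doesn't exist yet; add it as shown below:") keeps the guide's tone.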