aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal/request_forgery_protection.rb
diff options
context:
space:
mode:
authorJosef Šimánek <josef.simanek@gmail.com>2015-01-06 00:37:37 +0100
committerJosef Šimánek <josef.simanek@gmail.com>2015-01-06 00:37:37 +0100
commit734306612e2ec5fe1c978d37e401f81beb79e93b (patch)
treeaac0c85c5fa85e2aa2075479cd64516968bfae6b /actionpack/lib/action_controller/metal/request_forgery_protection.rb
parent00dad0343b3aa6cf019afe3c727d4a3d95ddc383 (diff)
downloadrails-734306612e2ec5fe1c978d37e401f81beb79e93b.tar.gz
rails-734306612e2ec5fe1c978d37e401f81beb79e93b.tar.bz2
rails-734306612e2ec5fe1c978d37e401f81beb79e93b.zip
Improve protect_from_forgery documentation. [ci skip].
Diffstat (limited to 'actionpack/lib/action_controller/metal/request_forgery_protection.rb')
-rw-r--r--actionpack/lib/action_controller/metal/request_forgery_protection.rb6
1 files changed, 3 insertions, 3 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 0932f03916..b9a1e7d242 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -80,13 +80,13 @@ module ActionController #:nodoc:
# class FooController < ApplicationController
# protect_from_forgery except: :index
#
- # You can disable CSRF protection on controller by skipping the verification before_action:
+ # You can disable forgery protection on controller by skipping the verification before_action:
# skip_before_action :verify_authenticity_token
#
# Valid Options:
#
- # * <tt>:only/:except</tt> - Passed to the <tt>before_action</tt> call. Set which actions are verified.
- # * <tt>:if/:unless</tt> - Passed to the <tt>before_action</tt> call. Set when actions are verified.
+ # * <tt>:only/:except</tt> - Only apply forgery protection to a subset of actions. Like <tt>only: [ :create, :create_all ]</tt>.
+ # * <tt>:if/:unless</tt> - Turn off the forgery protection entirely depending on the passed proc or method reference.
# * <tt>:with</tt> - Set the method to handle unverified request.
#
# Valid unverified request handling methods are: