aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
diff options
context:
space:
mode:
authorJosef Šimánek <josef.simanek@gmail.com>2015-01-04 23:42:25 +0100
committerJosef Šimánek <josef.simanek@gmail.com>2015-01-04 23:59:11 +0100
commit24d48dfc1a1a8e120ffb06f136eada9a9a7334bb (patch)
tree528f28b42f28b4b58b9b930725315e7da327f692 /actionpack/lib
parent5868307b74161063b4476a792b4ad3571ec61817 (diff)
downloadrails-24d48dfc1a1a8e120ffb06f136eada9a9a7334bb.tar.gz
rails-24d48dfc1a1a8e120ffb06f136eada9a9a7334bb.tar.bz2
rails-24d48dfc1a1a8e120ffb06f136eada9a9a7334bb.zip
Document all options for protect_from_forgery.
[ci skip]
Diffstat (limited to 'actionpack/lib')
-rw-r--r--actionpack/lib/action_controller/metal/request_forgery_protection.rb10
1 files changed, 2 insertions, 8 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index d1fab27e17..0932f03916 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -29,14 +29,7 @@ module ActionController #:nodoc:
# you're building an API you'll need something like:
#
# class ApplicationController < ActionController::Base
- # protect_from_forgery
- # skip_before_action :verify_authenticity_token, if: :json_request?
- #
- # protected
- #
- # def json_request?
- # request.format.json?
- # end
+ # protect_from_forgery unless: -> { request.format.json? }
# end
#
# CSRF protection is turned on with the <tt>protect_from_forgery</tt> method,
@@ -93,6 +86,7 @@ module ActionController #:nodoc:
# Valid Options:
#
# * <tt>:only/:except</tt> - Passed to the <tt>before_action</tt> call. Set which actions are verified.
+ # * <tt>:if/:unless</tt> - Passed to the <tt>before_action</tt> call. Set when actions are verified.
# * <tt>:with</tt> - Set the method to handle unverified request.
#
# Valid unverified request handling methods are: