authorRyan Bigg <radarlistener@gmail.com>2010-11-27 07:56:08 +1100
committerRyan Bigg <radarlistener@gmail.com>2010-11-27 07:57:10 +1100
commit167964149e76d66742675a1505e1030e1c8f440b (patch)
tree4ddd6ebc4a20ba73d3879f86c1cc732a0522d287 /actionpack
parent6aa408e11cc99603778eb99e8cd2e585e0f97b50 (diff)
Add explicit statement that verify_authenticity_token can be turned off for actions.
Diffstat (limited to 'actionpack')
-rw-r--r--actionpack/lib/action_controller/metal/request_forgery_protection.rb10
1 files changed, 7 insertions, 3 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 02f577647e..148efbb081 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -53,9 +53,13 @@ module ActionController #:nodoc:
# class FooController < ApplicationController
# protect_from_forgery :except => :index
#
- # # you can disable csrf protection on controller-by-controller basis:
- # skip_before_filter :verify_authenticity_token
- # end
+ # You can disable csrf protection on controller-by-controller basis:
+ #
+ # skip_before_filter :verify_authenticity_token
+ #
+ # It can also be disabled for specific controller actions:
+ #
+ # skip_before_filter :verify_authenticity_token, :except => [:create]
#
# Valid Options:
#
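Review bot: The added example `skip_before_filter :verify_authenticity_token, :except => [:create]` turns the token check off for every action except `create`, which reads as the opposite of the sentence above it ("disabled for specific controller actions"). Copied as written, it also leaves any action added to the controller later without CSRF verification by default. An allow-list form such as `skip_before_filter :verify_authenticity_token, :only => [:some_action]` would match the wording and keep new actions covered. The doc could add one line saying the check should only be skipped for actions that do not change state or that are authenticated some other way. Separately, the commit drops the `# end` that closed the `class FooController` example, so the sample class is left open; the surrounding comment block starts and ends outside this hunk.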