author | Ryan Bigg <radarlistener@gmail.com> | 2010-11-27 07:56:08 +1100 |
---|---|---|
committer | Ryan Bigg <radarlistener@gmail.com> | 2010-11-27 07:57:10 +1100 |
commit | 167964149e76d66742675a1505e1030e1c8f440b (patch) | |
tree | 4ddd6ebc4a20ba73d3879f86c1cc732a0522d287 /actionpack | |
parent | 6aa408e11cc99603778eb99e8cd2e585e0f97b50 (diff) | |
Add explicit statement that verify_authenticity_token can be turned off for actions.
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/lib/action_controller/metal/request_forgery_protection.rb | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index 02f577647e..148efbb081 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -53,9 +53,13 @@ module ActionController #:nodoc: # class FooController < ApplicationController # protect_from_forgery :except => :index # - # # you can disable csrf protection on controller-by-controller basis: - # skip_before_filter :verify_authenticity_token - # end + # You can disable csrf protection on controller-by-controller basis: + # + # skip_before_filter :verify_authenticity_token + # + # It can also be disabled for specific controller actions: + # + # skip_before_filter :verify_authenticity_token, :except => [:create] # # Valid Options: # |
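Review bot: In the added example `skip_before_filter :verify_authenticity_token, :except => [:create]`, the option does the opposite of what the sentence above it says. `:except => [:create]` skips the token check for every action other than `create`, so verification stays on for that one action and is off everywhere else, rather than being disabled "for specific controller actions". Someone copying the line would turn off CSRF verification far more widely than the text suggests. Either change the example to use `:only => [...]` listing the actions that should be exempt, or reword the sentence to say that verification is kept only for `create`. The hunk also removes the `# end` that closed the `class FooController` example and does not add one back, so the documented class is left unterminated. A smaller point: "on controller-by-controller basis" is missing "a", and "csrf" would read better as "CSRF".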