diff options
| author | Josef Šimánek <josef.simanek@gmail.com> | 2015-01-04 23:42:25 +0100 |
|---|---|---|
| committer | Josef Šimánek <josef.simanek@gmail.com> | 2015-01-04 23:59:11 +0100 |
| commit | 24d48dfc1a1a8e120ffb06f136eada9a9a7334bb (patch) | |
| tree | 528f28b42f28b4b58b9b930725315e7da327f692 /actionpack | |
| parent | 5868307b74161063b4476a792b4ad3571ec61817 (diff) | |
| download | rails-24d48dfc1a1a8e120ffb06f136eada9a9a7334bb.tar.gz rails-24d48dfc1a1a8e120ffb06f136eada9a9a7334bb.tar.bz2 rails-24d48dfc1a1a8e120ffb06f136eada9a9a7334bb.zip | |
Document all options for protect_from_forgery.
[ci skip]
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/lib/action_controller/metal/request_forgery_protection.rb | 10 |
1 files changed, 2 insertions, 8 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index d1fab27e17..0932f03916 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -29,14 +29,7 @@ module ActionController #:nodoc: # you're building an API you'll need something like: # # class ApplicationController < ActionController::Base - # protect_from_forgery - # skip_before_action :verify_authenticity_token, if: :json_request? - # - # protected - # - # def json_request? - # request.format.json? - # end + # protect_from_forgery unless: -> { request.format.json? } # end # # CSRF protection is turned on with the <tt>protect_from_forgery</tt> method, @@ -93,6 +86,7 @@ module ActionController #:nodoc: # Valid Options: # # * <tt>:only/:except</tt> - Passed to the <tt>before_action</tt> call. Set which actions are verified. + # * <tt>:if/:unless</tt> - Passed to the <tt>before_action</tt> call. Set when actions are verified. # * <tt>:with</tt> - Set the method to handle unverified request. # # Valid unverified request handling methods are: |