fix typos on the CSRF whitelisting doc

1 files changed, 3 insertions, 3 deletions

diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index eb7057d278..c99fed9212 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -8,10 +8,10 @@ module ActionController #:nodoc:
   # Controller actions are protected from Cross-Site Request Forgery (CSRF) attacks
   # by including a token in the rendered html for your application. This token is
   # stored as a random string in the session, to which an attacker does not have
-  # access. When a request reaches your application, Rails verifies the received
+  # access. When a request reaches your application, \Rails verifies the received
   # token with the token in the session. All requests are checked except GET requests
-  # as these should be idempotent. It's is important to remember that XML or JSON
-  # requests are also affected and if you're building an API  you'll need 
+  # as these should be idempotent. It's important to remember that XML or JSON
+  # requests are also affected and if you're building an API you'll need
   # something like that:
   #
   #   class ApplicationController < ActionController::Base