diff options
| author | Yves Senn <yves.senn@gmail.com> | 2014-03-08 15:46:43 +0100 |
|---|---|---|
| committer | Yves Senn <yves.senn@gmail.com> | 2014-03-08 15:46:43 +0100 |
| commit | dc8bfc8ab62c3e3a776297226ef43027bc7d09c1 (patch) | |
| tree | a9a1140ef79f7e7f9d9ae8f2d28e66cb1631e8e6 /guides/source/action_view_overview.md | |
| parent | 2883cb97663ec4cc41932d4e8d0878af96262372 (diff) | |
| download | rails-dc8bfc8ab62c3e3a776297226ef43027bc7d09c1.tar.gz rails-dc8bfc8ab62c3e3a776297226ef43027bc7d09c1.tar.bz2 rails-dc8bfc8ab62c3e3a776297226ef43027bc7d09c1.zip | |
docs, shorten CsrfHelper description and refer to security guide. [ci skip]
Diffstat (limited to 'guides/source/action_view_overview.md')
| -rw-r--r-- | guides/source/action_view_overview.md | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/guides/source/action_view_overview.md b/guides/source/action_view_overview.md index f31bc4552c..74f95bfcfd 100644 --- a/guides/source/action_view_overview.md +++ b/guides/source/action_view_overview.md @@ -1591,16 +1591,11 @@ Returns meta tags "csrf-param" and "csrf-token" with the name of the cross-site request forgery protection parameter and token, respectively. ```html - <%= csrf_meta_tags %> +<%= csrf_meta_tags %> ``` -These are used to generate the dynamic forms that implement non-remote links -with `:method`. - -Note that regular forms generate hidden fields, and that Ajax calls are -whitelisted, so they do not use these tags. - -More details can be found in the [Rails Security Guide](security.html). +NOTE: Regular forms generate hidden fields so they do not use these tags. More +details can be found in the [Rails Security Guide](security.html#cross-site-request-forgery-csrf). Localized Views --------------- |