diff options
author | Rafael França <rafaelmfranca@gmail.com> | 2016-07-12 03:58:17 -0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-07-12 03:58:17 -0300 |
commit | 3df3d80ade705dd096ec481845ff0fc2d70427b0 (patch) | |
tree | fbbc8c3ad540d0ff60ca09d2caca7a3149263759 /guides/source/security.md | |
parent | 2afd5e78b842a84e401a030bc747bf60879863e2 (diff) | |
parent | d8575289a2d278ae8866cb7cddf38d8f2e9dc010 (diff) | |
download | rails-3df3d80ade705dd096ec481845ff0fc2d70427b0.tar.gz rails-3df3d80ade705dd096ec481845ff0fc2d70427b0.tar.bz2 rails-3df3d80ade705dd096ec481845ff0fc2d70427b0.zip |
Merge pull request #25794 from mechanicles/rails-to-Rails
rails -> Rails [ci skip]
Diffstat (limited to 'guides/source/security.md')
-rw-r--r-- | guides/source/security.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md index ca985134e6..2d1bc3b5b3 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -249,7 +249,7 @@ There are many other possibilities, like using a `<script>` tag to make a cross- Note: We can't distinguish a `<script>` tag's origin—whether it's a tag on your own site or on some other malicious site—so we must block all `<script>` across the board, even if it's actually a safe same-origin script served from your own site. In these cases, explicitly skip CSRF protection on actions that serve JavaScript meant for a `<script>` tag. -To protect against all other forged requests, we introduce a _required security token_ that our site knows but other sites don't know. We include the security token in requests and verify it on the server. This is a one-liner in your application controller, and is the default for newly created rails applications: +To protect against all other forged requests, we introduce a _required security token_ that our site knows but other sites don't know. We include the security token in requests and verify it on the server. This is a one-liner in your application controller, and is the default for newly created Rails applications: ```ruby protect_from_forgery with: :exception |