Merge pull request #7616 from lest/null-session-forgery-protection

Implement :null_session CSRF protection method
author: Michael Koziarski <michael@koziarski.com> 2012-09-13 20:44:45 -0700
committer: Michael Koziarski <michael@koziarski.com> 2012-09-13 20:44:45 -0700
commit: bb732beba7c0c6f54b12eb774bc78790dd955b65 (patch)
tree: 7e7e7c0d59a74db292434ea9abc9136cb5d17a9b /railties/lib/rails/generators
parent: 0247443debe3670b016495aa32602e82186bfce4 (diff)
parent: 95be790ece75710f2588558a6d5f40fd09543b97 (diff)
download: rails-bb732beba7c0c6f54b12eb774bc78790dd955b65.tar.gz
rails-bb732beba7c0c6f54b12eb774bc78790dd955b65.tar.bz2
rails-bb732beba7c0c6f54b12eb774bc78790dd955b65.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
index 6c0ef31725..d83690e1b9 100644
--- a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
@@ -1,5 +1,5 @@
 class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
-  # For APIs, you may want to use :reset_session instead.
+  # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
 end
author	Michael Koziarski <michael@koziarski.com>	2012-09-13 20:44:45 -0700
committer	Michael Koziarski <michael@koziarski.com>	2012-09-13 20:44:45 -0700
commit	bb732beba7c0c6f54b12eb774bc78790dd955b65 (patch)
tree	7e7e7c0d59a74db292434ea9abc9136cb5d17a9b /railties/lib/rails/generators
parent	0247443debe3670b016495aa32602e82186bfce4 (diff)
parent	95be790ece75710f2588558a6d5f40fd09543b97 (diff)
download	rails-bb732beba7c0c6f54b12eb774bc78790dd955b65.tar.gz rails-bb732beba7c0c6f54b12eb774bc78790dd955b65.tar.bz2 rails-bb732beba7c0c6f54b12eb774bc78790dd955b65.zip