The first comment does not explain anything that the code doesnt and the second is now irrelevant with the dedicated API mode

author: David Heinemeier Hansson <david@loudthinking.com> 2016-05-28 16:18:38 +0200
committer: David Heinemeier Hansson <david@loudthinking.com> 2016-05-28 16:18:54 +0200
commit: 9fe65c6214d0c75b64de8e33eb86311b5b7ebd28 (patch)
tree: 89338fc51dc620570d130b40ca6059bdbd8d4201 /railties
parent: c7f950ad57e50ab68f50a55b2ad17238b9e9b708 (diff)
download: rails-9fe65c6214d0c75b64de8e33eb86311b5b7ebd28.tar.gz
rails-9fe65c6214d0c75b64de8e33eb86311b5b7ebd28.tar.bz2
rails-9fe65c6214d0c75b64de8e33eb86311b5b7ebd28.zip
1 files changed, 0 insertions, 2 deletions
diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
index f726fd6305..413354186d 100644
--- a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
@@ -1,7 +1,5 @@
 class ApplicationController < ActionController::<%= options[:api] ? "API" : "Base" %>
 <%- unless options[:api] -%>
-  # Prevent CSRF attacks by raising an exception.
-  # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
 <%- end -%>
 end
author	David Heinemeier Hansson <david@loudthinking.com>	2016-05-28 16:18:38 +0200
committer	David Heinemeier Hansson <david@loudthinking.com>	2016-05-28 16:18:54 +0200
commit	9fe65c6214d0c75b64de8e33eb86311b5b7ebd28 (patch)
tree	89338fc51dc620570d130b40ca6059bdbd8d4201 /railties
parent	c7f950ad57e50ab68f50a55b2ad17238b9e9b708 (diff)
download	rails-9fe65c6214d0c75b64de8e33eb86311b5b7ebd28.tar.gz rails-9fe65c6214d0c75b64de8e33eb86311b5b7ebd28.tar.bz2 rails-9fe65c6214d0c75b64de8e33eb86311b5b7ebd28.zip