1 files changed, 8 insertions, 1 deletions

diff --git a/guides/source/security.md b/guides/source/security.md
index 4a80edbdad..e4cc79df55 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -249,7 +249,14 @@ protect_from_forgery with: :exception
 
 This will automatically include a security token in all forms and Ajax requests generated by Rails. If the security token doesn't match what was expected, an exception will be thrown.
 
-NOTE: By default, Rails includes jQuery and an [unobtrusive scripting adapter for jQuery](https://github.com/rails/jquery-ujs), which adds a header called `X-CSRF-Token` on every non-GET Ajax call made by jQuery with the security token. Without this header, non-GET Ajax requests won't be accepted by Rails. When using another library to make Ajax calls, it is necessary to add the security token as a default header for Ajax calls in your library. To get the token, have a look at `<meta name='csrf-token' content='THE-TOKEN'>` tag printed by `<%= csrf_meta_tags %>` in your application view.
+NOTE: By default, Rails includes jQuery and an [unobtrusive scripting adapter for
+jQuery](https://github.com/rails/jquery-ujs), which adds a header called
+`X-CSRF-Token` on every non-GET Ajax call made by jQuery with the security token.
+Without this header, non-GET Ajax requests won't be accepted by Rails. When using
+another library to make Ajax calls, it is necessary to add the security token as
+a default header for Ajax calls in your library. To get the token, have a look at
+`<meta name='csrf-token' content='THE-TOKEN'>` tag printed by
+`<%= csrf_meta_tags %>` in your application view.
 
 It is common to use persistent cookies to store user information, with `cookies.permanent` for example. In this case, the cookies will not be cleared and the out of the box CSRF protection will not be effective. If you are using a different cookie store than the session for this information, you must handle what to do with it yourself: