From 199e2772282ce3ab51a78d5ebc0efb7b366ac276 Mon Sep 17 00:00:00 2001
From: Prathamesh Sonpatki
Date: Tue, 28 Apr 2015 09:52:53 +0530
Subject: Updated request_forgery_protection docs [ci skip]
- Changed Javascript to JavaScript.
- Added full-stop which was missing, also wrapped the sentence to 80 chars.
- Changed proc to Proc and oauth to OAuth.
---
 .../lib/action_controller/metal/request_forgery_protection.rb | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
(limited to 'actionpack/lib/action_controller/metal/request_forgery_protection.rb')
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 663a969f72..31c8856437 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -15,9 +15,9 @@ module ActionController #:nodoc:
 # access. When a request reaches your application, \Rails verifies the received
 # token with the token in the session. All requests are checked except GET requests
 # as these should be idempotent. Keep in mind that all session-oriented requests
- # should be CSRF protected, including Javascript and HTML requests.
+ # should be CSRF protected, including JavaScript and HTML requests.
 #
- # Since HTML and Javascript requests are typically made from the browser, we
+ # Since HTML and JavaScript requests are typically made from the browser, we
 # need to ensure to verify request authenticity for the web browser. We can
 # use session-oriented authentication for these types requests, by using
 # the `protect_form_forgery` method in our controllers.
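Review bot: The last context line of this hunk names the method as `protect_form_forgery`, while every other reference visible in this patch spells it `protect_from_forgery`. A wording pass over this paragraph should correct it, so that readers enabling CSRF checks copy a method name that exists: `# the protect_from_forgery method in our controllers.` The line above it, "for these types requests", is also missing "of". The comment block starts and ends outside the hunk.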
@@ -40,7 +40,8 @@ module ActionController #:nodoc:
 #
 # CSRF protection is turned on with the protect_from_forgery method.
 # By default protect_from_forgery protects your session with
- # :null_session method, which provides an empty session during request
+ # :null_session method, which provides an empty session
+ # during request.
 #
 # We may want to disable CSRF protection for APIs since they are typically
 # designed to be state-less. That is, the requestion API client will handle
@@ -96,10 +97,10 @@ module ActionController #:nodoc:
 # Valid Options:
 #
 # * :only/:except - Only apply forgery protection to a subset of actions. Like only: [ :create, :create_all ].
- # * :if/:unless - Turn off the forgery protection entirely depending on the passed proc or method reference.
+ # * :if/:unless - Turn off the forgery protection entirely depending on the passed Proc or method reference.
 # * :prepend - By default, the verification of the authentication token is added to the front of the
 # callback chain. If you need to make the verification depend on other callbacks, like authentication methods
- # (say cookies vs oauth), this might not work for you. Pass prepend: false to just add the
+ # (say cookies vs OAuth), this might not work for you. Pass prepend: false to just add the
 # verification callback in the position of the protect_from_forgery call. This means any callbacks added
 # before are run first.
 # * :with - Set the method to handle unverified request.
-- cgit v1.2.3
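Review bot: The rewrapped sentence says :null_session "provides an empty session during request" without saying which requests, so it reads as if every request ran with an empty session. If, as the `:with` option in the last hunk suggests, this is how an unverified request is handled, the text should say so, for example `# :null_session method, which provides an empty session` followed by `# during a request that fails verification.` If the action still runs in that case, as an emptied session rather than an error implies, one more sentence should say that anything authorised outside the session is not covered by this default. The final context line has "requestion", presumably meant as "requesting".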
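Review bot: "Turn off the forgery protection entirely depending on the passed Proc or method reference" describes `:if` and `:unless` in the same words, so a reader cannot tell which return value disables the check. Assuming these options are forwarded as ordinary callback conditions, the line should state the polarity, e.g. `# * :if/:unless - Apply forgery protection only if/unless the passed Proc or method reference returns true.` Reading it backwards in a controller silently removes CSRF verification, so the wording matters more than the capitalisation fixed here.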