From 167964149e76d66742675a1505e1030e1c8f440b Mon Sep 17 00:00:00 2001
From: Ryan Bigg <radarlistener@gmail.com>
Date: Sat, 27 Nov 2010 07:56:08 +1100
Subject: Add explicit statement that verify_authenticity_token can be turned
 off for actions.

---
 .../lib/action_controller/metal/request_forgery_protection.rb  | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'actionpack/lib/action_controller/metal')

diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 02f577647e..148efbb081 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -53,9 +53,13 @@ module ActionController #:nodoc:
       #   class FooController < ApplicationController
       #     protect_from_forgery :except => :index
       #
-      #     # you can disable csrf protection on controller-by-controller basis:
-      #     skip_before_filter :verify_authenticity_token
-      #   end
+      # You can disable csrf protection on controller-by-controller basis:
+      #
+      #   skip_before_filter :verify_authenticity_token
+      #
+      # It can also be disabled for specific controller actions:
+      #
+      #   skip_before_filter :verify_authenticity_token, :except => [:create]
       #
       # Valid Options:
       #
-- 
cgit v1.2.3