From 4df9680a6fe6608e8a82924f52e51a028a8575e5 Mon Sep 17 00:00:00 2001 From: Luke Amdor Date: Mon, 27 Apr 2009 11:30:08 -0500 Subject: Removed reference in documentation of form_authenticity_token to deprecated :secret option of protect_from_forgery --- actionpack/lib/action_controller/base/request_forgery_protection.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'actionpack') diff --git a/actionpack/lib/action_controller/base/request_forgery_protection.rb b/actionpack/lib/action_controller/base/request_forgery_protection.rb index 3067122ceb..df91dc1006 100644 --- a/actionpack/lib/action_controller/base/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/base/request_forgery_protection.rb @@ -96,8 +96,7 @@ module ActionController #:nodoc: !request.content_type.nil? && request.content_type.verify_request? end - # Sets the token value for the current session. Pass a :secret option - # in +protect_from_forgery+ to add a custom salt to the hash. + # Sets the token value for the current session. def form_authenticity_token session[:_csrf_token] ||= ActiveSupport::SecureRandom.base64(32) end -- cgit v1.2.3