Permalink
Browse files

Add explicit statement that verify_authenticity_token can be turned o…

…ff for actions.
  • Loading branch information...
1 parent 9c6afa7 commit 2c4bab6e7b7c65f808908f057f3adcd6c2f6c8c8 @radar radar committed with fxn Nov 26, 2010
Showing with 7 additions and 3 deletions.
  1. +7 −3 actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -71,9 +71,13 @@ module ClassMethods
# class FooController < ApplicationController
# protect_from_forgery :except => :index
#
- # # you can disable csrf protection on controller-by-controller basis:
- # skip_before_filter :verify_authenticity_token
- # end
+ # You can disable csrf protection on controller-by-controller basis:
+ #
+ # skip_before_filter :verify_authenticity_token
+ #
+ # It can also be disabled for specific controller actions:
+ #
+ # skip_before_filter :verify_authenticity_token, :except => [:create]
#
# Valid Options:
#

0 comments on commit 2c4bab6

Please sign in to comment.