mirrors
/
rails
mirror of https://github.com/rails/rails
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Move up the notice to the line of `:with` explanation

This commit is contained in:
Yutaka Kamei 2023-09-29 11:45:42 +09:00
parent be31560a13
commit f7cc8b3191
No known key found for this signature in database
GPG Key ID: 42304C9D0AD2B3D3
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
actionpack/lib/action_controller/metal/request_forgery_protection.rb
View File

@ -129,13 +129,12 @@ module ActionController # :nodoc:
#
# If you need to add verification to the beginning of the callback chain, use <tt>prepend: true</tt>.
# * <tt>:with</tt> - Set the method to handle unverified request.
# Note if <tt>default_protect_from_forgery</tt> is true, Rails call protect_from_forgery with <tt>with :exception</tt>.
#
# Built-in unverified request handling methods are:
# * <tt>:exception</tt> - Raises ActionController::InvalidAuthenticityToken exception.
# * <tt>:reset_session</tt> - Resets the session.
# * <tt>:null_session</tt> - Provides an empty session during request but doesn't reset it completely. Used as default if <tt>:with</tt> option is not specified.
# Note if <tt>default_protect_from_forgery</tt> is true, Rails call protect_from_forgery with <tt>with :exception</tt>.
# This might not be intuitive as the method itself treats <tt>:with</tt> as <tt>:null_session</tt> by default.
#
# You can also implement custom strategy classes for unverified request handling:
#