diff --git a/actionpack/lib/action_view/helpers/form_helper.rb b/actionpack/lib/action_view/helpers/form_helper.rb
index 408a3b67216057acb4df3da816cce05a05483d8c..d30fd248c19beea8ef73c55be257c329623a0b18 100644
--- a/actionpack/lib/action_view/helpers/form_helper.rb
+++ b/actionpack/lib/action_view/helpers/form_helper.rb
@@ -304,16 +304,15 @@ module FormHelper
       # When you build forms to external resources sometimes you need to set an authenticity token or just render a form
       # without it, for example when you submit data to a payment gateway number and types of fields could be limited.
       #
-      # To set an authenticity token you need to pass an <tt>:authenticity_token</tt> parameter in the <tt>:html</tt>
-      # options section:
+      # To set an authenticity token you need to pass an <tt>:authenticity_token</tt> parameter
       #
-      #   <%= form_for @invoice, :url => external_url, :html => { :authenticity_token => 'external_token' } do |f|
+      #   <%= form_for @invoice, :url => external_url, :authenticity_token => 'external_token' do |f|
       #     ...
       #   <% end %>
       #
       # If you don't want to an authenticity token field be rendered at all just pass <tt>false</tt>:
       #
-      #   <%= form_for @invoice, :url => external_url, :html => { :authenticity_token => false } do |f|
+      #   <%= form_for @invoice, :url => external_url, :authenticity_token => false do |f|
       #     ...
       #   <% end %>
       def form_for(record, options = {}, &proc)
@@ -332,6 +331,8 @@ def form_for(record, options = {}, &proc)
         end
 
         options[:html][:remote] = options.delete(:remote)
+        options[:html][:authenticity_token] = options.delete(:authenticity_token)
+        
         builder = options[:parent_builder] = instantiate_builder(object_name, object, options, &proc)
         fields_for = fields_for(object_name, object, options, &proc)
         default_options = builder.multipart? ? { :multipart => true } : {}
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 4f4de0cbee1377a9a7e9224b7f6deba592539cfa..68d4c6a57c8a761f7011fe5d26d3d5302f4a5723 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -29,11 +29,11 @@ def meta
   end
 
   def external_form_for
-    render :inline => "<%= form_for(:some_resource, :html => { :authenticity_token => 'external_token' }) {} %>"
+    render :inline => "<%= form_for(:some_resource, :authenticity_token => 'external_token') {} %>"
   end
 
   def form_for_without_protection
-    render :inline => "<%= form_for(:some_resource, :html => { :authenticity_token => false }) {} %>"
+    render :inline => "<%= form_for(:some_resource, :authenticity_token => false ) {} %>"
   end
 
   def rescue_action(e) raise e end