diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb
index 1145f348c2ecbb381e3a5ff42c0a3f1b81125951..802bf9d29f38c6017a55a0586d9b07d1943d37ff 100644
--- a/actionpack/lib/action_view/helpers/url_helper.rb
+++ b/actionpack/lib/action_view/helpers/url_helper.rb
@@ -670,11 +670,11 @@ def convert_boolean_attributes!(html_options, bool_attrs)
         end
 
         def token_tag(token=nil)
-          if token == false || !protect_against_forgery?
-            ''
-          else
+          if token != false && protect_against_forgery?
             token ||= form_authenticity_token
             tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => token)
+          else
+            ''
           end
         end