[ci skip] it should be protect_from_forgery

actionpack/lib/action_controller/metal/request_forgery_protection.rb

@@ -20,7 +20,7 @@ class InvalidCrossOriginRequest < ActionControllerError #:nodoc:
   # Since HTML and JavaScript requests are typically made from the browser, we
   # need to ensure to verify request authenticity for the web browser. We can
   # use session-oriented authentication for these types of requests, by using
-  # the `protect_form_forgery` method in our controllers.
+  # the `protect_from_forgery` method in our controllers.
   #
   # GET requests are not protected since they don't have side effects like writing
   # to the database and don't leak sensitive information. JavaScript requests are