diff --git a/guides/assets/stylesheets/main.css b/guides/assets/stylesheets/main.css index 318a1ef1c72fcbc72f5afe8fd237fe6c69562669..ed558e4793fc4cd5d0bdbebec5d7ac8ed5b14539 100644 --- a/guides/assets/stylesheets/main.css +++ b/guides/assets/stylesheets/main.css @@ -34,7 +34,7 @@ pre, code { overflow: auto; color: #222; } -pre,tt,code,.note>p { +pre, tt, code { white-space: pre-wrap; /* css-3 */ white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */ white-space: -pre-wrap; /* Opera 4-6 */ diff --git a/guides/source/active_record_querying.md b/guides/source/active_record_querying.md index e0a9add2be1cc6870507061ae0323bdb1903ee02..6cfb6c5ca587bfaa2097e5e64308bd6543a3d3a3 100644 --- a/guides/source/active_record_querying.md +++ b/guides/source/active_record_querying.md @@ -1384,7 +1384,8 @@ WHERE people.name = 'John' LIMIT 1 ``` -NOTE: Remember that, if `find_by` returns more than one registry, it will take just the first and ignore the others. Note the `LIMIT 1` statement above. +NOTE: Remember that, if `find_by` returns more than one registry, it will take +just the first and ignore the others. Note the `LIMIT 1` statement above. Find or Build a New Object -------------------------- diff --git a/guides/source/security.md b/guides/source/security.md index 4a80edbdad7604f8cd0c7ec179af9a264e966328..e4cc79df55955cb0d5097b3c0642387509ee8da5 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -249,7 +249,14 @@ protect_from_forgery with: :exception This will automatically include a security token in all forms and Ajax requests generated by Rails. If the security token doesn't match what was expected, an exception will be thrown. -NOTE: By default, Rails includes jQuery and an [unobtrusive scripting adapter for jQuery](https://github.com/rails/jquery-ujs), which adds a header called `X-CSRF-Token` on every non-GET Ajax call made by jQuery with the security token. Without this header, non-GET Ajax requests won't be accepted by Rails. When using another library to make Ajax calls, it is necessary to add the security token as a default header for Ajax calls in your library. To get the token, have a look at `` tag printed by `<%= csrf_meta_tags %>` in your application view. +NOTE: By default, Rails includes jQuery and an [unobtrusive scripting adapter for +jQuery](https://github.com/rails/jquery-ujs), which adds a header called +`X-CSRF-Token` on every non-GET Ajax call made by jQuery with the security token. +Without this header, non-GET Ajax requests won't be accepted by Rails. When using +another library to make Ajax calls, it is necessary to add the security token as +a default header for Ajax calls in your library. To get the token, have a look at +`` tag printed by +`<%= csrf_meta_tags %>` in your application view. It is common to use persistent cookies to store user information, with `cookies.permanent` for example. In this case, the cookies will not be cleared and the out of the box CSRF protection will not be effective. If you are using a different cookie store than the session for this information, you must handle what to do with it yourself: