CSRF messages are no longer controlled by 422.html because InvalidAuthenticityToken is not raised

actionpack/lib/action_controller/metal/request_forgery_protection.rb

@@ -17,7 +17,6 @@ class InvalidAuthenticityToken < ActionControllerError #:nodoc:
   # CSRF protection is turned on with the <tt>protect_from_forgery</tt> method,
   # which checks the token and resets the session if it doesn't match what was expected.
   # A call to this method is generated for new \Rails applications by default.
-  # You can customize the error message by editing public/422.html.
   #
   # The token parameter is named <tt>authenticity_token</tt> by default. The name and
   # value of this token must be added to every layout that renders forms by including