Ruby: add an example of protect_from_forgery with: :exception

Author: alexrford

ruby/ql/test/query-tests/security/cwe-352/railsapp/app/controllers/articles_controller.rb

@@ -1,5 +1,9 @@
 class ArticlesController < ApplicationController
-  prepend_before_action :user_authored_article?, only: [:delete_authored_article]
+  prepend_before_action :user_authored_article?, only: [:delete_authored_article, :change_title]
+
+  # GOOD: `with: :exception` provides more effective CSRF protection than
+  # `with: :null_session` or `with: :reset_session`.
+  protect_from_forgery with: :exception, only: [:change_title]
 
   def delete_authored_article
     article.destroy