Move up the notice to the line of :with explanation

yykamei · yykamei · commit f7cc8b31913f · 2023-09-29T11:45:42.000+09:00
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -129,13 +129,12 @@ module ClassMethods
       #
       #   If you need to add verification to the beginning of the callback chain, use <tt>prepend: true</tt>.
       # * <tt>:with</tt> - Set the method to handle unverified request.
+      #   Note if <tt>default_protect_from_forgery</tt> is true, Rails call protect_from_forgery with <tt>with :exception</tt>.
       #
       # Built-in unverified request handling methods are:
       # * <tt>:exception</tt> - Raises ActionController::InvalidAuthenticityToken exception.
       # * <tt>:reset_session</tt> - Resets the session.
       # * <tt>:null_session</tt> - Provides an empty session during request but doesn't reset it completely. Used as default if <tt>:with</tt> option is not specified.
-      #   Note if <tt>default_protect_from_forgery</tt> is true, Rails call protect_from_forgery with <tt>with :exception</tt>.
-      #   This might not be intuitive as the method itself treats <tt>:with</tt> as <tt>:null_session</tt> by default.
       #
       # You can also implement custom strategy classes for unverified request handling:
       #

Original file line number	Diff line number	Diff line change
`@@ -129,13 +129,12 @@ module ClassMethods`
`129`	`129`	`#`
`130`	`130`	`# If you need to add verification to the beginning of the callback chain, use <tt>prepend: true</tt>.`
`131`	`131`	`# * <tt>:with</tt> - Set the method to handle unverified request.`
	`132`	`+ # Note if <tt>default_protect_from_forgery</tt> is true, Rails call protect_from_forgery with <tt>with :exception</tt>.`
`132`	`133`	`#`
`133`	`134`	`# Built-in unverified request handling methods are:`
`134`	`135`	`# * <tt>:exception</tt> - Raises ActionController::InvalidAuthenticityToken exception.`
`135`	`136`	`# * <tt>:reset_session</tt> - Resets the session.`
`136`	`137`	`# * <tt>:null_session</tt> - Provides an empty session during request but doesn't reset it completely. Used as default if <tt>:with</tt> option is not specified.`
`137`		`- # Note if <tt>default_protect_from_forgery</tt> is true, Rails call protect_from_forgery with <tt>with :exception</tt>.`
`138`		`- # This might not be intuitive as the method itself treats <tt>:with</tt> as <tt>:null_session</tt> by default.`
`139`	`138`	`#`
`140`	`139`	`# You can also implement custom strategy classes for unverified request handling:`
`141`	`140`	`#`