From 8ae62e54f47291c32cf769c7e8de8b02b29becaf Mon Sep 17 00:00:00 2001
From: Bobby McDonald <BobbyMcWho@users.noreply.github.com>
Date: Fri, 4 Dec 2020 13:27:23 -0500
Subject: [PATCH] Note to always skip the authenticity check

---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index f2de457..3ffb2bd 100644
--- a/README.md
+++ b/README.md
@@ -94,7 +94,8 @@ something like this:
 
 ```ruby
 class SessionsController < ApplicationController
-  skip_before_action :verify_authenticity_token, only: :create unless Rails.env.production?
+  # If you're using a strategy that POSTs during callback, you'll need to skip the authenticity token check for the callback action only. 
+  skip_before_action :verify_authenticity_token, only: :create
 
   def create
     @user = User.find_or_create_from_auth_hash(auth_hash)