Add text/plain to the browser_generated_types array as webkit and gecko can submit them.

For more information see:

http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/

actionpack/lib/action_controller/mime_type.rb

@@ -25,7 +25,7 @@ module Mime
     # These are the content types which browsers can generate without using ajax, flash, etc
     # i.e. following a link, getting an image or posting a form.  CSRF protection
     # only needs to protect against these types.
-    @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form]
+    @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form, :text]
     cattr_reader :browser_generated_types
 
 
@@ -177,7 +177,7 @@ module Mime
     end
 
     # Returns true if Action Pack should check requests using this Mime Type for possible request forgery.  See
-    # ActionController::RequestForgerProtection.
+    # ActionController::RequestForgeryProtection.
     def verify_request?
       browser_generated?
     end