Update the generated controller to not include the deprecated :secret option to protect_from_forgery

railties/helpers/application_controller.rb

@@ -5,8 +5,7 @@ class ApplicationController < ActionController::Base
   helper :all # include all helpers, all the time
 
   # See ActionController::RequestForgeryProtection for details
-  # Uncomment the :secret if you're not using the cookie session store
-  protect_from_forgery # :secret => '<%= app_secret %>'
+  protect_from_forgery
   
   # See ActionController::Base for details 
   # Uncomment this to filter the contents of submitted sensitive data parameters