Merge pull request shakacode#306 from shakacode/alexey/csrf

Disable csrf for json

Author: justin808

app/controllers/application_controller.rb

@@ -1,5 +1,6 @@
 class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
-  protect_from_forgery with: :exception
+  protect_from_forgery with: :exception,
+                       if: proc { request.headers["X-Auth"] != "tutorial_secret" }
 end