From 5cf622b15bbda6de961a7e32b46ec21ab1ed0f1f Mon Sep 17 00:00:00 2001
From: Sahat Yalkabov <sakhat@gmail.com>
Date: Fri, 18 Apr 2014 14:39:39 -0400
Subject: [PATCH] Updated CSRF FAQ section

---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 27759f1fe4..bd805e79af 100644
--- a/README.md
+++ b/README.md
@@ -459,8 +459,9 @@ as part of CSRF protection.
 ```
 input(type='hidden', name='_csrf', value=_csrf)
 ```
-You can read more about [CSRF protection middleware](http://expressjs.com/3x/api.html#csrf) at the Express API Reference.
 
+**Note:** It is now possible to whitelist certain URLs. In other words you can
+specify a list of routes that should bypass CSRF verification check.
 
 ### What is cluster_app.js?
 From the [Node.js Documentation](http://nodejs.org/api/cluster.html#cluster_how_it_works):