module ActionController::RequestForgeryProtection

The actual before_filter that is used. Modify this to change how you handle unverified requests.

def verify_authenticity_token
  verified_request? || handle_unverified_request
end