From 818f7664a6630498a9fbd285f3ace6b8d82f74ca Mon Sep 17 00:00:00 2001
From: Moshe Tanzer <tanzermt@gmail.com>
Date: Mon, 3 Jun 2024 19:43:00 +0200
Subject: [PATCH] fix

---
 docs/content/1.documentation/3.middleware/7.csrf.md | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/docs/content/1.documentation/3.middleware/7.csrf.md b/docs/content/1.documentation/3.middleware/7.csrf.md
index cf8faea5..0ccd6b18 100644
--- a/docs/content/1.documentation/3.middleware/7.csrf.md
+++ b/docs/content/1.documentation/3.middleware/7.csrf.md
@@ -23,7 +23,17 @@ export default defineNuxtConfig({
   }
 })
 ```
-
+You can directly define per route settings using the `csurf` config (which is the underlying package used for CSRF protection in this library. This should be used directly, not in a `security` object)
+
+```ts{}[nuxt.config.ts]
+export default {
+  routeRules: {
+    '/api/nocsrf': {
+      csurf: false
+    }
+  }
+}
+```
 Now, you can use the auto-imported composables for handling CRSF:
 
 ```ts