From ad0b790196602cd65485d08dca7cae859ee0e5a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Janko=20Marohni=C4=87?= <janko.marohnic@gmail.com>
Date: Sun, 17 Nov 2024 14:48:39 +0100
Subject: [PATCH] Bubble up CSRF note

---
 README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 701b64f..3bc4b9c 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,10 @@ Add the gem to your project:
 $ bundle add rodauth-omniauth
 ```
 
+> [!NOTE]
+> The request validation phase will call Rodauth's CSRF protection, so there is no need for gems like `omniauth-rails_csrf_protection`.
+
+
 ## Usage
 
 You'll first need to create the table for storing external identities:
@@ -333,10 +337,6 @@ omniauth_on_failure do
 end
 ```
 
-#### CSRF protection
-
-The default request validation phase uses Rodauth's configured CSRF protection, so there is no need for external gems such as `omniauth-rails_csrf_protection`.
-
 ### Inheritance
 
 The registered providers are inherited between Rodauth auth classes, so you can have fine-grained configuration for different account types.