From 9872a52a8dcde8f57ce03bceff79024851e8c63c Mon Sep 17 00:00:00 2001 From: Ingo Schommer Date: Thu, 5 Sep 2013 12:53:54 +0200 Subject: [PATCH] SecurityToken docs --- docs/en/topics/security.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/en/topics/security.md b/docs/en/topics/security.md index 812243f25..00633034b 100644 --- a/docs/en/topics/security.md +++ b/docs/en/topics/security.md @@ -323,7 +323,11 @@ match the hash stored in the users session, the request is discarded. You can disable this behaviour through `[api:Form->disableSecurityToken()]`. It is also recommended to limit form submissions to the intended HTTP verb (mostly `GET` or `POST`) -through `[api:Form->setStrictFormMethodCheck()]`. +through `[api:Form->setStrictFormMethodCheck()]`. + +Sometimes you need to handle state-changing HTTP submissions which aren't handled through +SilverStripe's form system. In this case, you can also check the current HTTP request +for a valid token through `[api:SecurityToken::checkRequest()]`. ## Casting user input
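Review bot: the added paragraph at the end of the hunk says "you can also check the current HTTP request for a valid token", which reads as optional and does not say what the handler should do with the result. For state-changing submissions handled outside the form system nothing else validates the token, so I would word it as something the handler needs to do, and state that the request should be rejected when the check fails, mirroring "the request is discarded" in the context line above. A one-line usage showing where the current request object comes from would help. The new link is written as `SecurityToken::checkRequest()` while the neighbouring links use `Form->...` for instance methods. If `checkRequest()` is called on an instance, the link should use the same notation so readers do not try a static call. The removed and re-added "through `[api:Form->setStrictFormMethodCheck()]`." lines read identically here, so that change looks whitespace-only. If it adds trailing whitespace by accident, drop it from the patch.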