fix

Author: moshetanzer

docs/content/1.documentation/3.middleware/7.csrf.md

@@ -23,7 +23,17 @@ export default defineNuxtConfig({
   }
 })
 ```
-
+You can directly define per route settings using the `csurf` config (which is the underlying package used for CSRF protection in this library. This should be used directly, not in a `security` object)
+
+```ts{}[nuxt.config.ts]
+export default {
+  routeRules: {
+    '/api/nocsrf': {
+      csurf: false
+    }
+  }
+}
+```
 Now, you can use the auto-imported composables for handling CRSF:
 
 ```ts