csrf docs added

docs/guide/controller.md

@@ -39,6 +39,26 @@ The output of an action is what the method returns. The return value will be han
 component which can convert the output to differnet formats such as JSON for example. The default behavior
 is to output the value unchanged though.
 
+You also can disable CSRF validation per controller, by setting its property:
+
+```php
+namespace app\controllers;
+
+use yii\web\Controller;
+
+class SiteController extends Controller
+{
+
+	public $enableCsrfValidation = false;
+
+	public function actionIndex()
+	{
+		#CSRF validation will no be applied on this and other actions
+	}
+
+}
+```
+
 Routes
 ------