README.md in angular_rails_csrf-4.0.1 vs README.md in angular_rails_csrf-4.1.0

- old
+ new

@@ -8,11 +8,11 @@
 
 This project adds direct support for this scheme to your Rails application without requiring any changes to your AngularJS application. It also doesn't require the use of `csrf_meta_tags` to write a CSRF token into your page markup, so it works for pure JSON API applications.
 
 Note that there is nothing AngularJS specific here, and this will work with any other front-end that implements the same scheme.
 
-Check [version compatibility](https://github.com/jsanders/angular_rails_csrf/wiki/Version-Compatability) to learn which Rails/Rubies are currently supported.
+Check [version compatibility](https://github.com/jsanders/angular_rails_csrf/wiki/Version-Compatibility) to learn which Rails/Rubies are currently supported.
 
 ## Installation
 
 Add this line to your application's *Gemfile*:
 
@@ -50,18 +50,32 @@
 end
 ```
 
 If `angular_rails_csrf_domain` is not set, it defaults to `nil`.
 
+### Secure Cookie
+
+To set a "secure" flag for the cookie, set the `angular_rails_csrf_secure` option to `true`:
+
+```ruby
+# application.rb
+class Application < Rails::Application
+  #...
+  config.angular_rails_csrf_secure = true
+end
+```
+
+`angular_rails_csrf_secure` defaults to `false`.
+
 ### Exclusions
 
 Sometimes you will want to skip setting the XSRF token for certain controllers (for example, when using SSE or ActionCable, as discussed [here](https://github.com/jsanders/angular_rails_csrf/issues/7)):
 
 ```ruby
 class ExclusionsController < ApplicationController
   exclude_xsrf_token_cookie
-  
+
   # your actions here...
 end
 ```
 
 ## Testing
@@ -76,8 +90,8 @@
 
 ```console
 $ rake test
 ```
 
-## License 
+## License
 
 Licensed under the [MIT License](https://github.com/jsanders/angular_rails_csrf/blob/master/LICENSE).