Minor README fixes

README.md

@@ -1,8 +1,8 @@
 # OmniAuth - Rails CSRF Protection
 
 This gem provides a mitigation against CVE-2015-9284 (Cross-Site Request
-Forgery on the request phrase when using OmniAuth gem with a Ruby on Rails
-application) by implementing a CSRF token verifier that directly utilize
+Forgery on the request phase when using OmniAuth gem with a Ruby on Rails
+application) by implementing a CSRF token verifier that directly uses
 `ActionController::RequestForgeryProtection` code from Rails.
 
 [![CircleCI](https://circleci.com/gh/cookpad/omniauth-rails_csrf_protection/tree/master.svg?style=svg)](https://circleci.com/gh/cookpad/omniauth-rails_csrf_protection/tree/master)
@@ -27,7 +27,7 @@ contains `authenticity_token` value. This might simply be done by changing all
 This gem does a few things to your application:
 
 * Disable access to the OAuth request phrase using HTTP GET method.
-* Insert a Rails CSRF token verifier at before request phrase.
+* Insert a Rails CSRF token verifier at the before request phrase.
 
 These actions mitigate you from the attack vector described in CVE-2015-9284.