What is Cross-Site Request Forgery (CSRF)? How is Rails protected against it?
It is a form of attack where a hacker submits a request on your behalf to a website, causing damage or revealing sensitive data. In order to protect from attacks, you must add “protect_from_forgery” to your ApplicationController. This will require a CSRF token to process the request.