It is a form of attack where a hacker submits a request on your behalf to a website, causing damage or revealing sensitive data. In order to protect from attacks, you must add “protect_from_forgery” to your ApplicationController. This will require a CSRF token to process the request.

BY Best Interview Question ON 13 Jan 2019