In the config/application_controller.rb file in my Rails application directory, I found the code below:

    class ApplicationController < ActionController::Base
      protect_from_forgery
    end

Can anyone tell me what protect_from_forgery means and why it is being used?
It protects from CSRF. E.g. all POST requests should have a specific security token.
http://en.wikipedia.org/wiki/Cross-site_request_forgery
http://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf
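
The check described in the answer above, as an added example that is not part of the original post and is not Rails' own code: a simplified, framework-free model of a per-session token that every non-GET request must echo back. The session and request hashes are constructed stand-ins; `authenticity_token` and `X-CSRF-Token` are the parameter and header names Rails reads, and Rails' per-request token masking is left out.

```ruby
require "securerandom"

# Methods that should not change state, so they are not checked.
SAFE_METHODS = %w[GET HEAD].freeze

# Create the token once per session; the server embeds it in every form it renders.
def csrf_token_for(session)
  session[:_csrf_token] ||= SecureRandom.base64(32)
end

# Compare without leaking the position of the first mismatch through timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# request is a constructed hash: { method:, params:, headers: }
def verified_request?(session, request)
  return true if SAFE_METHODS.include?(request[:method])
  expected = session[:_csrf_token]
  supplied = request[:params]["authenticity_token"] ||
             request[:headers]["X-CSRF-Token"]
  # A session that never issued a token, or a request that carries none, fails.
  return false if expected.nil? || supplied.nil?
  secure_compare(expected, supplied.to_s)
end

# Constructed sample requests against one session.
session = {}
token = csrf_token_for(session)

# Form rendered by the application itself: it carries the session's token.
own_form = { method: "POST",
             params: { "authenticity_token" => token, "amount" => "100" },
             headers: {} }

# Form submitted from another site: the browser attaches the session cookie,
# but the other site cannot read the token, so none is present.
cross_site = { method: "POST", params: { "amount" => "100" }, headers: {} }

puts "own form accepted:   #{verified_request?(session, own_form)}"
puts "cross-site accepted: #{verified_request?(session, cross_site)}"
```

The session cookie alone is not enough to pass the check, which is why a form hosted on another origin is rejected even though the browser sends the user's cookies with it.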