protect_from_forgery

protect_from_forgery (ApplicationController)

https://goo.gl/ooXwVk 先了解 CSRF 是什麼，文章下方則有講到用 token 來避免 CSRF attack, 也就是 Rails 使用的方法。

http://apidock.com/rails/v2.0.0/ActionController/RequestForgeryProtection/ClassMethods/protect_from_forgery

http://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf

http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html