Updated in June 2019 to reflect code changes in Rails 6 If you’re using Rails today, chances are you’re using CSRF protection. It’s been there almost since the beginning, and it’s one of those features in Rails that makes your life easier without needing to give it a second thought. Briefly, Cross-Site Request Forgery (CSRF) is an attack that allows a malicious user to spoof legitimate requests to