How Rails Authenticity Tokens Protect Against CSRF Vulnerability
Rails protects your web application from CSRF attack by including an authenticity token in the HTML forms. This token is also stored in the user's session. Upon receiving a request, Rails compares these two tokens to decide if the request is verified.