app/controllers/application_controller.rb

   1 class ApplicationController < ActionController::Base
   2   # Prevent CSRF attacks by raising an exception.
   3   # For APIs, you may want to use :null_session instead.
   4   protect_from_forgery with: :exception
   5 end