Tag Archives | security

using text_field_with_auto_complete and form_authenticity_token

Rails 2.0 introduced protection against cross-site request forgery (CSRF). This is turned on by default in your Rails applications. However, many developers are turning off this valuable protection rather than making the changes necessary to use it. This seems the same to me as leaving your door unlocked while your friend visits because cutting keys [...]
