1class ApplicationController < ActionController::Base 2 # Prevent CSRF attacks by raising an exception. 3 # For APIs, you may want to use :null_session instead. 4 protect_from_forgery with: :exception 5end