class Rack::Protection::FormToken

Compatible with Rails and rack-csrf.
since it might be a security issue, depending on your application
This middleware is not used when using the Rack::Protection collection,
included in the session. Does not expect such a token from Ajax request.
Only accepts submitted forms if a given access token matches the token
More infos
en.wikipedia.org/wiki/Cross-site_request_forgery<br>Supported browsers
all
Prevented attack

CSRF
#

def accepts?(env)

def accepts?(env)
  env["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest" or super
end