ActionController::InvalidAuthenticityToken
```ruby
class ApplicationController < ActionController::Base
  # Raise ActionController::InvalidAuthenticityToken when CSRF token validation fails.
  protect_from_forgery with: :exception
end
```
Explanation:
- `ApplicationController` is a superclass in Ruby on Rails that other controllers typically inherit from.
- `protect_from_forgery` is a method provided by Rails to prevent Cross-Site Request Forgery (CSRF) attacks.
- `with: :exception` configures the protection to raise an exception (`ActionController::InvalidAuthenticityToken`) when the CSRF token validation fails.
- `ActionController::InvalidAuthenticityToken` is the specific exception raised when Rails encounters an invalid authenticity token in a form submission, usually due to a mismatch between the token sent by the client and the one expected by the server for security purposes.
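
The token comparison described above, as an added plain-Ruby model (not Rails' own code and not from the original page): it shows which requests pass and which raise. `CsrfModel`, its method names and the sample requests are hypothetical, the exception class is a stand-in because Rails is not loaded, and the per-request token masking that Rails applies is left out.

```ruby
require "securerandom"

# Stand-in for ActionController::InvalidAuthenticityToken (no Rails loaded here).
class InvalidAuthenticityToken < StandardError; end

# Simplified model of the check; CsrfModel and its method names are hypothetical.
module CsrfModel
  SAFE_METHODS = %w[GET HEAD].freeze # read-only requests are not token-checked

  # Store a random token in the session; the form embeds the same value.
  def self.issue_token(session)
    session[:_csrf_token] ||= SecureRandom.base64(32)
  end

  # Constant-time comparison so timing does not reveal how many bytes matched.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Mirrors `with: :exception`: raise when the token is missing or wrong.
  def self.verify!(http_method, session, params)
    return true if SAFE_METHODS.include?(http_method)
    expected = session[:_csrf_token]
    sent = params["authenticity_token"]
    return true if expected && sent.is_a?(String) && secure_compare(sent, expected)
    raise InvalidAuthenticityToken, "token missing or mismatched"
  end

  # Run verify! and report :accepted or :rejected instead of raising.
  def self.outcome(http_method, session, params)
    verify!(http_method, session, params) && :accepted
  rescue InvalidAuthenticityToken
    :rejected
  end
end

# Constructed requests: a GET, the site's own form, a forged POST, a stale form.
def demo
  session = {}
  form_token = CsrfModel.issue_token(session)
  results = { get: CsrfModel.outcome("GET", session, {}) }
  results[:own_form] = CsrfModel.outcome("POST", session, { "authenticity_token" => form_token })
  results[:forged] = CsrfModel.outcome("POST", session, {})
  session.clear # session expired or reset; the open form still carries form_token
  CsrfModel.issue_token(session)
  results[:stale] = CsrfModel.outcome("POST", session, { "authenticity_token" => form_token })
  results
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

The `:stale` case is the mismatch a legitimate user hits when a form rendered under one session is submitted after the session has been reset.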