第一种： 

Ror代码

class FooController < ApplicationController  

    protect_from_forgery :except => :index  

  
 

   # you can disable csrf protection on controller-by-controller basis:  

    skip_before_filter :verify_authenticity_token  

end  

class FooController < ApplicationController protect_from_forgery :except => :index # you can disable csrf protection on controller-by-controller basis: skip_before_filter :verify_authenticity_token end

 
 

 
 

第二种： 

修改配置文件config\environments\development.rb 

 
 

 
 

Ror代码

# Disable request forgery protection in development environment  

   config.action_controller.allow_forgery_protection = false  

 
 

然后重启服务器 

 
 

 
 

第三种： 

在jquery或form中加入 

Ruby代码

<%= tag(:input, :type => "hidden", :name =>   

request_forgery_protection_token.to_s, :value =>   

form_authenticity_token) %> 

 
 

来自 <http://blog.csdn.net/iam_song/article/details/7688631>