I'm using Rails 3. It does not seem to check the authenticity_token
when doing a POST using Ajax. I traced this to:
class Request < Rack::Request
get? || xhr? || content_mime_type.nil? || !
so you don't check if it's a get? or a xhr? (i.e. Ajax request). Is this