protect_from_forgery development mode

Should this be working in development mode?
For some reason it doesn't.

regards, John

It's working with Ruby1.9.1p243/Rails2.3.4.
Check config/environments/development.rb and make sure you don't have
"config.action_controller.allow_forgery_protection = false" in there.

Add protect_from_forgery to ApplicationController and you should see a
<input type="hidden" name="authenticity_token" value="........./> on
your POST pages.