Michiel Sikkes wrote in post #1093276:
I am running a Rails 4 app in semi-production and I constantly get
exceptions from crawler bots that use a HEAD HTTP method, which causes
CSRF protection to kick in.
Shouldn't HEAD requests normally be handled like GET requests?
According to the Rails Guide it seems apparent that only GET request are
assumed to be safe.