I am running a Rails 4 app in semi-production and I constantly get
exceptions from crawler bots that use a HEAD HTTP method, which causes
the
CSRF protection to kick in.
Shouldn't HEAD requests normally be handled like GET requests?
According to the Rails Guide it seems apparent that only GET request are
assumed to be safe.