Cross-Site Request Forgery, aka CSRF (pronounced "sea-surf"), is a security vulnerability that goes by many names. You might know it better as XSRF, side-jacking, session riding, or even the "one-click attack." Whatever it is called, CSRF is a serious exploitation of trust. It preys on a website's trusted (and supposedly authenticated) users and tricks them into being the ones who unknowingly initiate unauthorized actions or requests. From the point of view of the attacked site, the user appears to be the attacker when, in fact, at best he is an unwitting accomplice.
There are a number of reasons someone might launch a CSRF attack, and each has its own impact. CSRF attacks are nothing new: websites have been vulnerable to them since the beginning of the World Wide Web. CSRF is also an easy vulnerability to overlook.
Cross-Site Request Forgery attacks on your site can also occur in conjunction with XSS breaches. The severity of a CSRF attack depends on the severity of the vulnerability in your Ruby code.
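To make the "unwitting accomplice" mechanism concrete, here is an added example that is not code from the original post. It is a framework-free Ruby sketch: the `Session` and `Request` structs, the `SITE_ORIGIN` value, the `attacker.example` origin, the `authenticity_token` parameter name and the two transfer handlers are all assumptions made for illustration. It shows why a handler that authenticates by session cookie alone will honour a request the browser was tricked into sending, and how a per-session token combined with an Origin check rejects that forged request while still accepting the site's own form.

```ruby
require 'securerandom'

# Constructed models standing in for a web framework's session and request objects.
Session = Struct.new(:user, :csrf_token)
Request = Struct.new(:method, :session, :params, :headers)

SITE_ORIGIN = "https://bank.example" # assumed origin of the protected application

# Mint a per-session secret once and keep it server-side; the same value is
# embedded as a hidden field in every form the site renders.
def issue_csrf_token(session)
  session.csrf_token ||= SecureRandom.hex(32)
end

# Constant-time comparison so the token check does not leak timing information.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# The submitted token must match the one bound to this session. A forged request
# carries the victim's cookie automatically, but a page on another site cannot
# read the token, so it cannot supply it.
def csrf_token_valid?(request)
  submitted = request.params["authenticity_token"]
  expected  = request.session.csrf_token
  !expected.nil? && secure_equal?(submitted, expected)
end

# Defence in depth: browsers attach an Origin header to cross-site POSTs. If it
# is present and names another site, reject before looking at the token.
def origin_acceptable?(request)
  origin = request.headers["Origin"]
  origin.nil? || origin == SITE_ORIGIN
end

# Vulnerable handler: trusts the session cookie alone, so any page the logged-in
# user visits can make the browser submit this form on their behalf.
def transfer_vulnerable(request, balances)
  return :rejected unless request.method == "POST" && request.session.user
  balances[request.session.user] -= request.params["amount"].to_i
  :transferred
end

# Hardened handler: the same logic plus origin and token verification.
def transfer_protected(request, balances)
  return :rejected unless request.method == "POST" && request.session.user
  return :rejected_csrf unless origin_acceptable?(request) && csrf_token_valid?(request)
  balances[request.session.user] -= request.params["amount"].to_i
  :transferred
end

# Runs forged and legitimate requests through both handlers and reports outcomes.
def demo
  session = Session.new("alice", nil)
  issue_csrf_token(session)
  results = {}

  # Forged request: the victim's browser sends the cookie, but the form came from
  # another site, so there is no valid token and the Origin is foreign.
  forged = Request.new("POST", session, { "amount" => "100" },
                       { "Origin" => "https://attacker.example" })
  balances = { "alice" => 1000 }
  results[:vulnerable_forged] = transfer_vulnerable(forged, balances)
  results[:balance_after_vulnerable] = balances["alice"]

  balances = { "alice" => 1000 }
  results[:protected_forged] = transfer_protected(forged, balances)
  results[:balance_after_protected] = balances["alice"]

  # Same forgery without an Origin header: the token check alone still catches it.
  forged_no_origin = Request.new("POST", session, { "amount" => "100" }, {})
  results[:protected_forged_no_origin] = transfer_protected(forged_no_origin, balances)

  # Legitimate request: rendered by the site itself, so it carries the session token.
  legit = Request.new("POST", session,
                      { "amount" => "100", "authenticity_token" => session.csrf_token },
                      { "Origin" => SITE_ORIGIN })
  results[:protected_legit] = transfer_protected(legit, balances)
  results[:balance_after_legit] = balances["alice"]
  results
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Running the file prints the outcome hash: the vulnerable handler moves money on the forged request, while the protected handler rejects both forged variants and accepts only the request that carries the session's token. In a real Ruby application the framework normally generates and verifies this token for you; the point of the sketch is what that verification has to achieve and why the cookie by itself is not evidence of the user's intent.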