class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
end
$(document).ajaxSend(function(e, xhr, options) {
var token = $("meta[name='csrf-token']").attr("content");
xhr.setRequestHeader("X-CSRF-Token", token);
});
http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html