Protect from forgery for Rest destroy action?

Hi !!
I’m reading the rails guides about security, i had a question about the
forgery protection

If we consider a standard Restful resource ( generated with scaffold for
example ), the update and create actions are protected from forgery
attacks thanks to the authenticity token, but what about the destroy
method ??

<a href="/posts/2"
data-method="delete"rel="nofollow">Supprimer</a>

A third party website could paste a link with the same href and other
attributes and changing the link text et that would indeed destroy my
post wouldn’it ?? There’s no token here …

Thanks

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs