<% form_tag "foo" do %> It's important to test request forgery protection. <% end %>