This document summarizes how Rails' protect_from_forgery configuration has changed and how to address issues that may arise. The setting protects against CSRF/XSS attacks by checking non-GET requests. Before Rails 3.0.4 it checked only HTML/JavaScript requests; it now checks all non-GET requests. To fix potential issues, add a jQuery snippet that sends the CSRF token on AJAX requests, and include the csrf_meta_tag.
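
One way to write the jQuery snippet mentioned above, as an added example that is not the snippet from the summarized document. It assumes csrf_meta_tag renders a meta element named csrf-token and that Rails reads the token from the X-CSRF-Token header; sampleDoc and its token value are constructed. It goes slightly beyond the summary by withholding the token from cross-origin requests.

```javascript
// Added example. Assumes csrf_meta_tag renders <meta name="csrf-token" content="...">
// and that Rails reads the token from the X-CSRF-Token request header.

// Read the token from the meta tag; null if the layout lacks csrf_meta_tag.
function readCsrfToken(doc) {
  var meta = doc.querySelector('meta[name="csrf-token"]');
  var token = meta && meta.getAttribute('content');
  return token || null;
}

// True only when url resolves to the page's own scheme, host and port.
function isSameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === pageOrigin;
  } catch (e) {
    return false; // unparsable URL: treat as foreign, send nothing
  }
}

// Headers to add to one AJAX request. The token goes only on non-GET,
// same-origin requests, so it is never disclosed to another site.
function csrfHeadersFor(settings, doc, pageOrigin) {
  var method = String(settings.type || 'GET').toUpperCase();
  if (method === 'GET') return {};
  if (!isSameOrigin(settings.url, pageOrigin)) return {};
  var token = readCsrfToken(doc);
  return token ? { 'X-CSRF-Token': token } : {};
}

// Browser wiring: runs only where jQuery and a DOM exist.
if (typeof jQuery !== 'undefined' && typeof document !== 'undefined') {
  jQuery(document).ajaxSend(function (event, xhr, settings) {
    var headers = csrfHeadersFor(settings, document, window.location.origin);
    Object.keys(headers).forEach(function (name) {
      xhr.setRequestHeader(name, headers[name]);
    });
  });
}

// Constructed stand-in for a page whose layout includes csrf_meta_tag
// (token value is made up), for exercising the functions outside a browser.
var sampleDoc = {
  querySelector: function (sel) {
    if (sel !== 'meta[name="csrf-token"]') return null;
    return { getAttribute: function () { return 'constructed-token-123'; } };
  }
};
```

If the layout omits csrf_meta_tag, no header is sent and non-GET AJAX requests fail the forgery check, which is the symptom the summary describes.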