Understanding the rails-jquery CSRF vulnerability (CVE-2015-1840)

Several new security disclosures were released recently. One of them was for rails-jquery, the JavaScript library that implements "remote" links and forms in Rails. In this post we'll dissect the problem and see how it was fixed.