Returns meta tags “csrf-param” and “csrf-token”
with the name of the cross-site request forgery protection parameter and
token, respectively.
<head>
<%= csrf_meta_tags %>
</head>
These are used to generate the dynamic forms that implement non-remote
links with :method.
Note that regular forms generate hidden fields, and that Ajax calls are
whitelisted, so they do not use these tags.