You can disable the built-in CSRF protection. Rails uses by default, adding to your controller (ApplicationController or the one that is used) protect_from_forgery:
protect_from_forgery with: :null_session
Or also using skip_before_actionto skip the implementation verify_authenticity_token.