The Field Test gem 0.2.0 up to and including 0.3.2 for Ruby allows CSRF.
field test project field test