What are HSTS and the HSTS preload list?

The HSTS (HTTP Strict Transport Security) protocol is a policy mechanism that forces the browser to connect to a site only over a secure HTTPS channel. In other words: without a valid SSL certificate, such a website will not load in your browser, and the browser will not even offer the option to ignore the SSL warning.

March 26, 2024 · 3 min · 438 words · Bá Tới

Understanding CSRF in Ruby on Rails

CSRF (Cross-Site Request Forgery) is a type of attack where an attacker tricks a user into performing unintended actions on a web application in which the user is authenticated. In Rails, CSRF protection is implemented to prevent such attacks. This article explains what CSRF is, how it works in Rails, and the mechanisms used to prevent CSRF attacks.

January 7, 2020 · 3 min · 483 words · Bá Tới

Prevent Content Type Spoofing on Paperclip

If you have ever used Paperclip, you may have seen a message like this: Image has contents that are not what they are reported to be. There are two solutions to this problem: specify an extension that cannot otherwise be mapped, or override the media_type_spoof_detector method.

October 3, 2016 · 2 min · 221 words · Bá Tới