Ruby on Rails Invalid Authenticity Token when using IE

well for some strange reason IE gives me and InvalidAuthenticityToken error almost every time a POST query is used. Seems to be that IE does not 开发者_StackOverflow中文版like the "/" and "=" characters sometimes found in authenticity_token. So I wondered if anyone has actually found a solution to this?

More strange is that no other browser seems to behave that way.

Thanks in advance.

Same problem here with a rails application launched in an iframe I get:

"the change you wanted was rejected"

In log:

ActionController::InvalidAuthenticityToken

Seems that the problem occur in IE when you are developing in an iframe situation where the master page is at a different domain than the inner page. (es: iframed Facebook applications)

This is because IE's default "medium" privacy setting has an issue with cookies in that situation.

A possible solution is to set a P3P header (try to google: p3p iframe internet explorer) Example, in application_controller.rb:

before_filter  :set_p3p

def set_p3p
  response.headers["P3P"]='CP="CAO PSA OUR"'
end

It works in my case.

Best Regards

Reference: http://duanesbrain.blogspot.com/2007/11/facebook-ie-and-iframes.html