Ruby on Rails Invalid Authenticity Token when using IE
well for some strange reason IE gives me and InvalidAuthenticityToken error almost every time a POST query is used. Seems to be that IE does not 开发者_StackOverflow中文版like the "/" and "=" characters sometimes found in authenticity_token. So I wondered if anyone has actually found a solution to this?
More strange is that no other browser seems to behave that way.
Thanks in advance.
Same problem here with a rails application launched in an iframe I get:
"the change you wanted was rejected"
In log:
ActionController::InvalidAuthenticityToken
Seems that the problem occur in IE when you are developing in an iframe situation where the master page is at a different domain than the inner page. (es: iframed Facebook applications)
This is because IE's default "medium" privacy setting has an issue with cookies in that situation.
A possible solution is to set a P3P header (try to google: p3p iframe internet explorer) Example, in application_controller.rb:
before_filter :set_p3p
def set_p3p
response.headers["P3P"]='CP="CAO PSA OUR"'
end
It works in my case.
Best Regards
Reference: http://duanesbrain.blogspot.com/2007/11/facebook-ie-and-iframes.html
精彩评论