I recently came across “ActionController::InvalidAuthenticityToken” error while working on an ROR application. It kind of threw me off track. I was thinking this error is somehow related to cross-site request forgery and something to do with protect_from_forgery option in application.rb controller. This error would only show up in Firefox and not in IE.
The problem is that Firefox as per standards does not allow form elements to be inserted within the “table” or “tr” elements (You can embed a form within the “td” and it will work). The form functionality gets broken if it is within the “table” or “tr” elements and you can get unpredictable results. The following is a mortgage calculator form. Firefox gave the “ActionController::InvalidAuthenticityToken” error when the remote_form_for helper was used within the table as shown below.