
It's been known that the Rails CSRF authenticity token doesn't work inside an iframe or Facebook canvas: "Iframe causes Can't Verify CSRF Token Authenticity in Rails".

The recommended solution is turning it off. However, I've been getting some bots auto-submitting our embeddable form. I would like to have some sort of CSRF protection without having to resort to captcha.

Is there any way to make the Rails auth token work inside an iframe, or is there a better solution out there? Thanks

Charles Zhang

0 Answers