I want to create sessions in my Rails 4 application via an AJAX request in an iframe.
In the iframe I've included a form for a new session with the attribute remote: true as usual, and included <%= token_tag %> in the form body as well as <%= csrf_meta_tags %> in the head of the layout.
Chrome has no problem posting this form and creating a session. Under identical conditions Safari causes a CSRF exception.
Why does this happen, and what can I do to stop it? As I understand it, this is not a situation where CSRF is essential, as there is no session to hijack, but I'm still wary of turning it off.
Chrome version: 31.0.1650.63
Safari version: 7.0.1