We have a Rails application hosted on Amazon EC2. The application uses the has_secure_password authentication feature introduced in Rails 3.1 - described in Railscasts episode 250 - that is enabled via the bcrypt-ruby gem.
We set up a GoDaddy CNAME record to point to the application. If we then call the application through the DNS, the authentication's login functionality works fine for Chrome and Mozilla. However, for IE and Safari the login form comes back blank (when valid credentials are given) and the following error is displayed within the stacktrace:
WARNING: Can't verify CSRF token authenticity
Interestingly, if on IE we then popup another tab on that same browser, and then call the application via the EC2 canonical name, the authentication works fine. And then the first browser will also then authenticate correctly.
Should we set up an A record instead? Has anyone ever seen this behavior before with Rails 3.1+ authentication?
Note: I have <%= csrf_meta_tags %> within the application.html Header.