I have a rails app that all works fine for me in all browsers (Safari, Firefox, IE6, 7, 8 etc)
I have a new user who has a fairly locked down version of IE8 and as soon as they try to access the app, before they even get to the login page, they get a Windows Authentication prompt appear. If they try to enter the login details they have been provided it fails. I'm not really worried about it failing, as the authentication prompt shouldn't be appearing.
As soon as I remove protect_from_forgery from the ApplicationController they can access the system fine.
I've tried suggesting allowing cookies etc, but they are still getting the problem. Has anyone got any suggestions as to other things we could look
Just to add to this. The site uses a basecamp style subdomain system. Not certain if that's an issue or not.
Which version of Rails are you using? Which authentication framework are you using?
I had the same behavior with Rails 3.0.3 and some earlier version of Devise. The issue I had was that in some circumstances IE8 decides to send 'Accept-Type: */*' in the HTTP header instead of a long line of supported formats. Somewhere within Rails/Devise something slipped and a HTTP authentication status was sent back.
I solved my problem by upgrading to Rails 3.0.5 and Devise 1.2.rc2.