I have my rails 3 app on heroku and when I send bank info I get: WARNING: Can't verify CSRF token authenticity but my CSRF token is set up. https://gist.github.com/anonymous/7081401 $.ajax({ url: '#{credit_cards_path}', type: 'POST', beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token', '#{form_authenticity_token}')}, dataType: "json", data: { cc_uri: response.data.uri, address: $('.addr