Invalid Authenticity Token, IE and Underscores

I spent a couple hours time which I will never get back trying to figure this one out. My rails application worked perfectly fine in Firefox, but IE was throwing an error. That’s not terribly unusual with IE, but this time something was fishy. The error is all over the google. There are several suggested fixes, none of which was working for me. The main one was adding a p3p header to the response that is supposed to to convince IE to allow cookies to be set for your domain. I finally stumbled upon this page that has a subtle reference to not using an underscore in your domain name. Of course, right there in the middle of the subdomain name I had chosen was an underscore. As it turns out underscores are not allowed in hostnames.  Some browsers are just more forgiving than others.