InvalidAuthenticityToken error with remote_form_for

I tried using submit_to_remote (or link_to_remote) to submit the
form_for and it worked:

<% form_for :vendor do |f| -%>
  <%= f.text_field :name, :size => 15 %>
  <%= f.text_field :location, :size => 15 %>
  <%# f.submit 'save' %>
  <%= link_to_remote 'save',
          :url => { :action => 'create', :id => @vendor } %>
<% end -%>

and in the controller:

def create
  @vendor = Vendor.new(params[:vendor])
  if @vendor.save
    respond_to do |format|
      format.html { redirect_to vendors_path }
      format.js
    end
  end
end

Of course, I have a create.js.rjs template to handle the ajax events on
the page.

If nobody answered this yet, the reason it's not working is that your
link doesn't serialize the authenticity_token field. Just put:

<%= link_to_remote 'save',
          :url => { :action => 'create', :id => @vendor }, :with =>
'authenticity_token' %>

and that should get you on the right path.

HTH