Most likely cause of this is the CSRF is firing and killing whatever is posting to your site from outside in my case its PAYPAL posting an IPN request to a site im working on.
To fix it add this line of code to the controller
If entire controller can be posted to from out side then this is ok
If you need to open access to a single page then try this:
protect_from_forgery :execpt => :pages_that_are_posted_to_from_out_side