We're making a request to an offsite domain, and when I making a PUT request to the offsite server via $.ajax, it looks as if the authenticity token is being concatenated to the end of the stringified JSON object - this obviously causes problems when our offsite server attempts to parse the JSON object, it finds a "&authenticity_token=..." which is not valid JSON.
It looks as if the check of how the authenticity token should be appended (I snooped around a bit in the minified liquid files) is a bit naive. Yes, we're sending up JSON, but best practice (http://stackoverflow.com/a/12693986 <http://stackoverflow.com/a/12693986>) is to stringify with $.ajax first. The authenticity token attachment logic incorrectly interprets the stringified JSON to be a query string.
I have solved this for the most part by preventing this event handler from firing by including the 'global:false;' option in the AJAX request. Thanks!
SubmittedOfficial response from Lindsey Needham
You should be able to stringify your JSON data in an $.ajax request, though it sounds like you were able to resolve this on your own by setting the global parameter to false. If you're still running into issues, however, you can send your examples to email@example.com and we'd be happy to investigate further.
FWIW, another developer seemed to encounter a similar error and was able to resolve by removing the accepts parameter: JSON/jQuery formatting for People create?