[Rails] Rails 4 Error 422 on heroku with ajax button

[Bazley]

My Rails 4 app works fine locally but when I deploy to heroku I keep 
getting the error "422 Unprocessable Entity" for a particular ajax request:

    <%= button_to update_profile_picture_path(
                    params: {
                      picid:    standardpicture.id,
                      callsign: character.callsign,
                      authenticity_token: form_authenticity_token # doesn't 
work with or without this
                    }
                  ),
                  class: 'btn btn-default btn-xs',
                  remote: true do %>
      <span class="glyphicon glyphicon-user" aria-hidden="true"></span>
    <% end %>

which hits this controller action:

    def update_profile
      @character = Character.find_by(callsign: params[:callsign])
      standardpicture = Picturething.find_by(id: params[:picid])
      @character.build_profilepicture
      standardpicture.picture.recreate_versions!
      @character.profilepicture.picture = standardpicture.picture.profile
      @character.profilepicture.save!
      respond_to do |format|
        format.html do
          redirect_to @character.sociable
        end
        format.js
      end
    end

I've done everything suggested on SO:

**application_controller.rb**

    protect_from_forgery # doesn't work with with: :exception or with: 
:null_session

**application.html.erb**

    <%= csrf_meta_tags %>

I've also tried deleting cookies and clearing the cache.

**request headers**

    ResponseHeaders
    X-Runtime 3.023140
    Date Mon, 21 Dec 2015 12:20:28 GMT
    Via 1.1 vegur
    Server Cowboy
    Strict-Transport-Security max-age=31536000
    Content-Type text/html; charset=utf-8
    Connection keep-alive
    Content-Length 1334
    X-Request-Id b4217519-49d0-4719-ad19-283b7160d6cd
    RequestHeaders
    X-CSRF-Token
    3bvVUdzpR7vPprCaDH+jaFBZL/
WH8s7kp82pg9yhUZFMdKM5oDVwkSPt75iCoXW1mA81lQk7f/NhKTLmrCCrCw==
    Content-Type application/x-www-form-urlencoded; charset=UTF-8
    Accept */*;q=0.5, text/javascript, application/javascript, 
application/ecmascript, application/x-ecmascript
    X-Requested-With XMLHttpRequest

Does anyone have any idea how to fix this?

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to rubyonrails-talk+unsubscr...@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/rubyonrails-talk/c09c3b36-4c9d-4830-adb9-e9094ce8ce63%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.