CSRF Setting issues

[eluser]Unknown[/eluser]
I have a CodeIgniter app, which works fine. I created a Facebook canvas app and tried loading a page generated by CodeIgniter. It didn't work, and I got to see the dreaded "The action you have requested is not allowed". Just to ensure my Facebook app settings were right, I tried with a page from another site, and it worked.

So I started searching for possible problems, and I could figure out that it was because of CSRF protection=TRUE in the config settings. So I simply turned off CSRF protection to see if it would work. Then it worked, and I could actually load CodeIgniter-generated pages through the Facebook Canvas App (Sandbox mode, though...).

Some suggested that if we hard-code the hidden field for the CSRF token (instead of depending on the form_open() function), we could avoid this rule, and by that logic, a page which has no form at all should work fine. But I couldn't load even pages that don't have a form.

And I'm not using AJAX anywhere.

I'm using CI 2.1.3.

One related link: http://ellislab.com/forums/viewthread/228160/#1038448
Though there are many similar questions, I couldn't find a satisfactory answer.

If I just look at the Apache logs, I really don't feel turning off CSRF protection would be a good idea.

So how do I make CodeIgniter-generated pages appear in a Facebook canvas app without turning off CSRF protection?

Any pointers will be useful. Thanks for your time.



