I'm getting an ActionController::InvalidCrossOriginRequest exception when I try to redirect to another URL after the file upload.
Since Rails 4.1, GET requests with JavaScript responses are now also covered by CSRF protection: https://github.com/rails/rails/blob/v4.2.2/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L219-L227
It looks like, because the X-Requested-With header is not set in the header (only in the form data), the browser won't use it as a header in the redirected request, triggering the InvalidCrossOriginRequest.
A sample application demonstrating the issue can be found here: https://github.com/MGotink/remotipart-redirect-demo
For now I've disabled forgery protection for the specific action. It would be nice if this wouldn't be necessary, but as far as I can see that might not be possible with the current solution of uploading the files.
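Added example, not part of the original issue and not code from Rails or remotipart: a simplified Ruby model of the check linked above, showing why the redirected GET is rejected while the upload request and a header-carrying XHR are not. The `Request` struct, the `outcome` helper and the sample requests are constructed for illustration.

```ruby
# Simplified model of the same-origin check for JavaScript responses
# (Rails 4.1+). Not Rails source; all names and requests are constructed.
class InvalidCrossOriginRequest < StandardError; end

Request = Struct.new(:method, :headers, :params) do
  def get?
    method == "GET"
  end

  # Only the HTTP header counts; a form field with the same name is ignored.
  def xhr?
    /XMLHttpRequest/i.match?(headers["X-Requested-With"].to_s)
  end
end

# Raises when a GET that is not marked as XHR is answered with JavaScript.
def verify_same_origin_request(request, response_content_type)
  javascript = response_content_type.start_with?("text/javascript")
  if request.get? && javascript && !request.xhr?
    raise InvalidCrossOriginRequest, "non-XHR GET answered with JavaScript"
  end
  :ok
end

# Returns :ok or :blocked instead of raising, for easy comparison.
def outcome(request, response_content_type)
  verify_same_origin_request(request, response_content_type)
rescue InvalidCrossOriginRequest
  :blocked
end

JS   = "text/javascript; charset=utf-8"
HTML = "text/html; charset=utf-8"

# Constructed requests mirroring the flow in the issue.
UPLOAD     = Request.new("POST", {}, { "X-Requested-With" => "XMLHttpRequest" }) # marker only in form data
REDIRECTED = Request.new("GET", {}, {})                                          # browser follows the redirect
PLAIN_XHR  = Request.new("GET", { "X-Requested-With" => "XMLHttpRequest" }, {})  # ordinary Ajax GET

if __FILE__ == $PROGRAM_NAME
  puts "upload POST, JS response:    #{outcome(UPLOAD, JS)}"
  puts "redirected GET, JS response: #{outcome(REDIRECTED, JS)}"
  puts "redirected GET, HTML:        #{outcome(REDIRECTED, HTML)}"
  puts "XHR GET, JS response:        #{outcome(PLAIN_XHR, JS)}"
end
```

In this model the check fires only for the combination of GET, a JavaScript content type and a missing `X-Requested-With` header, which is the state of the follow-up request after the redirect.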