Valum Fileupload +jQuery +csrf

I recently went to implement Valum’s Fileupload script with a Ruby on Rails jQuery project I was working on.

One thing I figured out is that all requests in Rails3 must send also send the X-CSRF-Token. Now normally the rails.js jQuery adapter takes care of this; but Valum’s fileupload script is written in raw javascript :)

The problem I had was a logged in user was automatically logged out whenever they attempted a fileupload (I was using the Devise auth gem).

Find line 1203 and add the following below it.

        var token = $('meta[name="csrf-token"]').attr('content');
        if (token) xhr.setRequestHeader('X-CSRF-Token', token);

This will ensure that fileupload requests also send the csrf token.



2 Responses to “Valum Fileupload +jQuery +csrf”

  1. boddhisattva says:

    Hello, I am using a pretty old version of Rails and I got the same/similar error:- ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
    /home/mohnish/.rvm/gems/ruby-1.8.7-p334/gems/actionpack-2.0.2/lib/action_controller/request_forgery_protection.rb:79:in `verify_authenticity_token’.

    I even tried a authenticity_token: $(‘meta[name=csrf-token]‘).attr(‘content’) as given in:- https://github.com/valums/file-uploader/issues/73 .

    This doesn’t fix also..

    Any idea how to get this fixed with Rails 2.0.2 as of now I only commented that line of the code to get it working for me…

  2. mettet1990 says:

    Thanks!! Was wandering why it always logged out my users… You’re the best

Leave a Reply

You must be logged in to post a comment.