问题
When I pick a file and click "Send it to the Server"
I get the error:
ActionController::InvalidAuthenticityToken in MediasController#new_from_disk
Parameters:
{"upload"=>#<File:/var/folders/Fr/FrWbhcV1HdGpFgn7Lh7OhU+++TI/-Tmp-/RackMultipart20100802-4884-olu0e5-0>,
"CKEditorFuncNum"=>"42",
"langCode"=>"en",
"CKEditor"=>"object_content_body"}
from my understanding, the ckeditor uploader sends my ruby action the file, and I handle it then and there. So I don't need a view associated with my new_from_disk action (which currently doesn't do anything).
Here is the documentation for uploading / browsing stuff you already have uploaded. None of it has helped me. http://docs.cksource.com/CKEditor_3.x/Developers_Guide/File_Browser_(Uploader)/Custom_File_Browser
any one have any hints / guides?
回答1:
By default, Rails expects to have the user's authenticity token submitted - and raises an exception if it isn't. This is to protect against CSRF (read more at the Rails API)
Whenever you use a form_for, Rails will add this authenticity token as a hidden input to get submitted with the form.
As you aren't using form_for (or any of its derivatives), you need to explicitly add this token to the parameters you submit. You can access the token's value using #{form_authenticity_token}. How you submit it will depend on CKeditor's API.
Alternatively, you can disable auth token checking on a per action basis (not recommended!) like so:
class MediasController < ApplicationController
skip_before_filter :verify_authenticity_token, :only => [:new_from_disk]
...
end
来源:https://stackoverflow.com/questions/3398707/ruby-on-rails-problem-getting-ckeditor-to-upload-images