0

I get an error when trying to upload a file using carrierwave: 

ActionController::InvalidAuthenticityToken in AssetsController#create

Steps:

1. rails new testapp
2. Add devise and carrierwave to Gemfile
3. rails g devise:install
4. rails g scaffold asset path:string  #will mount uploader to path
5. rails g uploader asset
6. rake db:migrate
7. Edit model/asset.rb add mount_uploader :path, AssetUploader
8. modify asset form to use multipart and file_field for :path

So with that basic setup if I go to assets/new I will see the new asset form, use the file field to select an image for uploading and when I save I get the error above. I never created a devise user model and never added any before_filter authenticate_user! to the controllers.

It doesn't redirect me to a login page but it throws the error. So I tried creating a devise model with 'user' and registered and logged in and I can now use the asset form to upload even though I never set 'before_filter authenticate_user!'. If I log out and try to upload again I get the same error.

So with that information is there any reason why devise would automatically prevent me from using an upload form in my app?

<%= form_for(@asset, :html => { :multipart => true}) do |f| %>
  <% if @asset.errors.any? %>
    <div id="error_explanation">
      <h2><%= pluralize(@asset.errors.count, "error") %> prohibited this asset from being saved:</h2>

      <ul>
      <% @asset.errors.full_messages.each do |msg| %>
        <li><%= msg %></li>
      <% end %>
      </ul>
    </div>
  <% end %>

  <div class="field">
    <%= f.label :path %><br>
    <%= f.file_field :path, :multiple => true %>
  </div>
  <div class="actions">
    <%= f.submit %>
  </div>
<% end %>
TripWired
  • 378
  • 7
  • 17

1 Answers1

0

InvalidAuthenticityToken is generated by rails itself, not by carrierwave or rails, and it means you aren't including the csrf-token hidden field. This is normally added by form builders for conventional forms, and jquery-ujs (or an equivalent) for ajax.

There are lots of ways this can happen. Not using a form builder is a common one. In your case, I think you're confusing rails with :html => { :multipart => true }. file_field sets the encoding automatically, so at best that code would do nothing. Remove that chunk, and let's see how you're doing.

ps. carrierwave doesn't support :multiple => true. There are workarounds, but that belongs in another question.

Taavo
  • 2,406
  • 1
  • 17
  • 17
  • So I found this post: http://stackoverflow.com/questions/16258911/rails-4-authenticity-token That seems to solve the issue, but I'm not clear if thats the best way to handle this error. It also seems weird that without changing much as far as the scaffolding goes (adding multipart and filefield) that rails would cause this error. – TripWired Sep 27 '13 at 17:04
  • That post does to eally solve anything in your case—it just changes the problem. What does your asset form view look like? – Taavo Sep 27 '13 at 18:16
  • I added the `_form.html.erb` code, this is what standard scaffold generates the only changes were the multipart and file_field lines. – TripWired Sep 27 '13 at 18:34
  • 1
    Updated my answer. Try removing `:html => { :multipart => true }`. – Taavo Sep 27 '13 at 19:15