When I pick a file and click "Send it to the Server"

I get the error:

ActionController::InvalidAuthenticityToken in MediasController#new_from_disk

Parameters:

{"upload"=>#<File:/var/folders/Fr/FrWbhcV1HdGpFgn7Lh7OhU+++TI/-Tmp-/RackMultipart20100802-4884-olu0e5-0>,
 "CKEditorFuncNum"=>"42",
 "langCode"=>"en",
 "CKEditor"=>"object_content_body"}

From my understanding, the CKEditor uploader sends my Ruby action the file, and I handle it then and there. So I don't need a view associated with my new_from_disk action (which currently doesn't do anything).

Here is the documentation for uploading / browsing stuff you already have uploaded. None of it has helped me. http://docs.cksource.com/CKEditor_3.x/Developers_Guide/File_Browser_(Uploader)/Custom_File_Browser

Anyone have any hints / guides?

A: 

By default, Rails expects to have the user's authenticity token submitted - and raises an exception if it isn't. This is to protect against CSRF (read more at the Rails API).

Whenever you use a form_for, Rails will add this authenticity token as a hidden input to get submitted with the form.

As you aren't using form_for (or any of its derivatives), you need to explicitly add this token to the parameters you submit. You can access the token's value using #{form_authenticity_token}. How you submit it will depend on CKEditor's API.

Alternatively, you can disable auth token checking on a per-action basis (not recommended!) like so:

class MediasController < ApplicationController
  # Skips the CSRF token check for new_from_disk only; all other actions keep it.
  skip_before_filter :verify_authenticity_token, :only => [:new_from_disk]

  # ...
end
nfm
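
Added example, not part of the answer above or of CKEditor's or Rails' own code: one way to pass the token is as a query parameter on the URL given to CKEditor's filebrowserUploadUrl setting, and the sketch below shows why the token must be URL-encoded when doing so. The helper names, the sample token and the /medias/new_from_disk path are assumptions made for illustration; in a Rails view the token would come from form_authenticity_token.

```ruby
require "uri"

# Hypothetical helper: build the upload URL handed to CKEditor, with the
# CSRF token appended as a properly encoded query parameter.
def ckeditor_upload_url(path, token)
  # encode_www_form percent-encodes "+", "/" and "=", all of which occur
  # in Base64 tokens.
  "#{path}?#{URI.encode_www_form('authenticity_token' => token)}"
end

# The mistake to avoid: interpolating the raw token into the query string.
def naive_upload_url(path, token)
  "#{path}?authenticity_token=#{token}"
end

# Decode the query string the way a form-decoding server does ("+" becomes
# a space) and return the token the server would see.
def token_seen_by_server(url)
  query = URI.parse(url).query
  URI.decode_www_form(query).to_h["authenticity_token"]
end

# Simplified stand-in for the server-side check: the submitted token must
# equal the one stored in the session.
def token_valid?(url, session_token)
  token_seen_by_server(url) == session_token
end

# Constructed sample token containing "+", "/" and "=".
SAMPLE_TOKEN = "aB3+xY/9kLm2+Qw7Zt/0pRs5uVe8+Hc1Nd4Gf6Jo=".freeze
# Assumed route for MediasController#new_from_disk.
UPLOAD_PATH = "/medias/new_from_disk".freeze

if __FILE__ == $PROGRAM_NAME
  good = ckeditor_upload_url(UPLOAD_PATH, SAMPLE_TOKEN)
  bad  = naive_upload_url(UPLOAD_PATH, SAMPLE_TOKEN)
  puts good
  puts "encoded token accepted: #{token_valid?(good, SAMPLE_TOKEN)}"
  puts "raw token accepted:     #{token_valid?(bad, SAMPLE_TOKEN)}"
end
```

A token carried in the URL can end up in server access logs, so keep the session-scoped token out of any log that is shared more widely than the session itself.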