Using the URL option in a form_for

Question

I have a form with a url option.

- form_for [@organization, @video], :url => organization_media_videos_with_session_path(@organization), :html => { :multipart => true } do |f|

That URL is specifically a helper that I wrote here :

def organization_media_videos_with_session_path(organization)
  session_key = ActionController::Base.session_options[:key]
  organization_media_videos_path(organization, session_key => cookies[session_key], request_forgery_protection_token => form_authenticity_token)
end

My question is this..

On my working production the form HTML looks like this :

<form method="post" id="new_video" enctype="multipart/form-data" class="new_video dirtyform" action="/organizations/470/media/videos">

On my non-working testing server, the form HTML looks like this :

<form method="post" id="new_video" enctype="multipart/form-data" class="new_video" action="/organizations/1/media/videos?_hq_channel_session=BAh7CjoQX2NzcmZfdG9rZW4iMTVrM3NyWkMzVGk5OGJFNXR6WTZ1V3djWWtyUThnS01OaFlDZVBsUzA5SEU9IhV1c2VyX2NyZWRlbnRpYWxzIgGAODQ4NjQwMzViZTNkODkyYmQ1NmNkY2U3ZTcxOTBhYzc2ZGFhMWNlMGQ0ZjVhOGFlMDZjODUyZGU5N2MzMzM5MGFhOTRkNmZlNmNhMGQ1N2Y3YmU4NzY2OWJjYzk1ZDhiOWVkNzQ3OGQxOTJjMGViMDdiZWQ1MGI0NmZhODQ4YWUiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewAiGHVzZXJfY3JlZGVudGlhbHNfaWRpBjoPc2Vzc2lvbl9pZCIlZDk4Mjg0MTBkOGZiMGJkOTYxNDMyZmY5NzNkMGE1NDY%3D--c46c8a31da47833661393e399510802b2924f128&amp;authenticity_token=5k3srZC3Ti98bE5tzY6uWwcYkrQ8gKMNhYCePlS09HE%3D">

How could this be?

Answer 1

That looks very much like your session secret. I imagine this is something to do with your environment setup, which is passing the key in the URL in dev but not in production.

Have a look at this for more details.