Why does adding a file field to my form cause “can't verify CSRF token…”

I have (probably) a simple problem that I can't seem to wrap my head around.

I have a simple form to edit a tenant object in my rails application. It works as expected.

However, when I add the <%= f.file_field :logo %> line into my form, I get the Can't verify CSRF token authenticity. error.

My question:
Why does adding the file_field result in this CSRF error?

The form in question:

....

<%= form_for(tenant,:html=>{:id=>"your_form_id",:multipart => true,:remote=>true}) do |f| %>

  <%= render 'errors/form_errors', object: @tenant %>



  <div id="login-form">

    <div class="field">

      <%= f.text_field :name, placeholder: "name" %>

    </div>

    </br>

    <div class="field">

      <%= f.email_field :email, placeholder: "email" %>

    </div>

    </br>

    <div class="field">

      <%= f.phone_field :phone, id: "phoneNumber", placeholder: "(XXX) XXX-XXXX", onkeypress:"return numberPressed(event);" %>

    </div>

    </br>



    <div class="field">

      <%= f.file_field :logo %> //WORKS FINE WITHOUT THIS FIELD!

    </div>



    <div class="actions">

      <%= f.submit id: "login-button", class: "btn-outline-primary", value: "Save",'data-disable-with':"Wait..." %>

    </div>

  </div>



<% end %>

....

additionally, here is the code that brings up the form. Not sure if it has any relevance.

This is the code in the file that brings up my form: edit.js.erb

closeLightbox();

$("body").prepend('<%= escape_javascript(render 'edit', tenant: @tenant) %>');

EDIT: I have found a solution, although I don't really understand why it is necessary. See answer below.

edited Nov 27 '18 at 21:53

asked Nov 26 '18 at 21:08

Joe Bauer

3911313

1

Possible duplicate of WARNING: Can't verify CSRF token authenticity rails

– vich
Nov 26 '18 at 21:37

add a comment |

I have (probably) a simple problem that I can't seem to wrap my head around.

I have a simple form to edit a tenant object in my rails application. It works as expected.

However, when I add the <%= f.file_field :logo %> line into my form, I get the Can't verify CSRF token authenticity. error.

My question:
Why does adding the file_field result in this CSRF error?

The form in question:

....

<%= form_for(tenant,:html=>{:id=>"your_form_id",:multipart => true,:remote=>true}) do |f| %>

  <%= render 'errors/form_errors', object: @tenant %>



  <div id="login-form">

    <div class="field">

      <%= f.text_field :name, placeholder: "name" %>

    </div>

    </br>

    <div class="field">

      <%= f.email_field :email, placeholder: "email" %>

    </div>

    </br>

    <div class="field">

      <%= f.phone_field :phone, id: "phoneNumber", placeholder: "(XXX) XXX-XXXX", onkeypress:"return numberPressed(event);" %>

    </div>

    </br>



    <div class="field">

      <%= f.file_field :logo %> //WORKS FINE WITHOUT THIS FIELD!

    </div>



    <div class="actions">

      <%= f.submit id: "login-button", class: "btn-outline-primary", value: "Save",'data-disable-with':"Wait..." %>

    </div>

  </div>



<% end %>

....

additionally, here is the code that brings up the form. Not sure if it has any relevance.

This is the code in the file that brings up my form: edit.js.erb

closeLightbox();

$("body").prepend('<%= escape_javascript(render 'edit', tenant: @tenant) %>');

EDIT: I have found a solution, although I don't really understand why it is necessary. See answer below.

edited Nov 27 '18 at 21:53

asked Nov 26 '18 at 21:08

Joe Bauer

3911313

1

Possible duplicate of WARNING: Can't verify CSRF token authenticity rails

– vich
Nov 26 '18 at 21:37

add a comment |

I have (probably) a simple problem that I can't seem to wrap my head around.

I have a simple form to edit a tenant object in my rails application. It works as expected.

However, when I add the <%= f.file_field :logo %> line into my form, I get the Can't verify CSRF token authenticity. error.

My question:
Why does adding the file_field result in this CSRF error?

The form in question:

....

<%= form_for(tenant,:html=>{:id=>"your_form_id",:multipart => true,:remote=>true}) do |f| %>

  <%= render 'errors/form_errors', object: @tenant %>



  <div id="login-form">

    <div class="field">

      <%= f.text_field :name, placeholder: "name" %>

    </div>

    </br>

    <div class="field">

      <%= f.email_field :email, placeholder: "email" %>

    </div>

    </br>

    <div class="field">

      <%= f.phone_field :phone, id: "phoneNumber", placeholder: "(XXX) XXX-XXXX", onkeypress:"return numberPressed(event);" %>

    </div>

    </br>



    <div class="field">

      <%= f.file_field :logo %> //WORKS FINE WITHOUT THIS FIELD!

    </div>



    <div class="actions">

      <%= f.submit id: "login-button", class: "btn-outline-primary", value: "Save",'data-disable-with':"Wait..." %>

    </div>

  </div>



<% end %>

....

additionally, here is the code that brings up the form. Not sure if it has any relevance.

This is the code in the file that brings up my form: edit.js.erb

closeLightbox();

$("body").prepend('<%= escape_javascript(render 'edit', tenant: @tenant) %>');

EDIT: I have found a solution, although I don't really understand why it is necessary. See answer below.

edited Nov 27 '18 at 21:53

asked Nov 26 '18 at 21:08

Joe Bauer

3911313

I have (probably) a simple problem that I can't seem to wrap my head around.

I have a simple form to edit a tenant object in my rails application. It works as expected.

However, when I add the <%= f.file_field :logo %> line into my form, I get the Can't verify CSRF token authenticity. error.

My question:
Why does adding the file_field result in this CSRF error?

The form in question:

....

<%= form_for(tenant,:html=>{:id=>"your_form_id",:multipart => true,:remote=>true}) do |f| %>

  <%= render 'errors/form_errors', object: @tenant %>



  <div id="login-form">

    <div class="field">

      <%= f.text_field :name, placeholder: "name" %>

    </div>

    </br>

    <div class="field">

      <%= f.email_field :email, placeholder: "email" %>

    </div>

    </br>

    <div class="field">

      <%= f.phone_field :phone, id: "phoneNumber", placeholder: "(XXX) XXX-XXXX", onkeypress:"return numberPressed(event);" %>

    </div>

    </br>



    <div class="field">

      <%= f.file_field :logo %> //WORKS FINE WITHOUT THIS FIELD!

    </div>



    <div class="actions">

      <%= f.submit id: "login-button", class: "btn-outline-primary", value: "Save",'data-disable-with':"Wait..." %>

    </div>

  </div>



<% end %>

....

additionally, here is the code that brings up the form. Not sure if it has any relevance.

This is the code in the file that brings up my form: edit.js.erb

closeLightbox();

$("body").prepend('<%= escape_javascript(render 'edit', tenant: @tenant) %>');

EDIT: I have found a solution, although I don't really understand why it is necessary. See answer below.

ruby-on-rails ruby devise csrf crud

edited Nov 27 '18 at 21:53

asked Nov 26 '18 at 21:08

Joe Bauer

3911313

edited Nov 27 '18 at 21:53

asked Nov 26 '18 at 21:08

Joe Bauer

3911313

edited Nov 27 '18 at 21:53

asked Nov 26 '18 at 21:08

Joe Bauer

3911313

asked Nov 26 '18 at 21:08

Joe Bauer

3911313

asked Nov 26 '18 at 21:08

Joe Bauer

3911313

1

Possible duplicate of WARNING: Can't verify CSRF token authenticity rails

– vich
Nov 26 '18 at 21:37

add a comment |

1

Possible duplicate of WARNING: Can't verify CSRF token authenticity rails

– vich
Nov 26 '18 at 21:37

Possible duplicate of WARNING: Can't verify CSRF token authenticity rails

– vich
Nov 26 '18 at 21:37

add a comment |

1 Answer
1

active

oldest

votes

I found this in another thread, and it solves my problem:

I added the following to my form:

<%= token_tag(nil) %>

answered Nov 27 '18 at 21:54

Joe Bauer

3911313

add a comment |

Your Answer

StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});

}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53489097%2fwhy-does-adding-a-file-field-to-my-form-cause-cant-verify-csrf-token%23new-answer', 'question_page');
}
);

Post as a guest

Name

Required, but never shown

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

I found this in another thread, and it solves my problem:

I added the following to my form:

<%= token_tag(nil) %>

answered Nov 27 '18 at 21:54

Joe Bauer

3911313

add a comment |

I found this in another thread, and it solves my problem:

I added the following to my form:

<%= token_tag(nil) %>

answered Nov 27 '18 at 21:54

Joe Bauer

3911313

add a comment |

I found this in another thread, and it solves my problem:

I added the following to my form:

<%= token_tag(nil) %>

answered Nov 27 '18 at 21:54

Joe Bauer

3911313

I found this in another thread, and it solves my problem:

I added the following to my form:

<%= token_tag(nil) %>

answered Nov 27 '18 at 21:54

Joe Bauer

3911313

answered Nov 27 '18 at 21:54

Joe Bauer

3911313

answered Nov 27 '18 at 21:54

Joe Bauer

3911313

answered Nov 27 '18 at 21:54

Joe Bauer

3911313

add a comment |

draft saved

draft discarded

Thanks for contributing an answer to Stack Overflow!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Btukfyl