Why does adding a file field to my form cause “can't verify CSRF token…”












0















I have (probably) a simple problem that I can't seem to wrap my head around.



I have a simple form to edit a tenant object in my rails application. It works as expected.



However, when I add the <%= f.file_field :logo %> line into my form, I get the Can't verify CSRF token authenticity. error.



My question:
Why does adding the file_field result in this CSRF error?



The form in question: 



....

<%= form_for(tenant,:html=>{:id=>"your_form_id",:multipart => true,:remote=>true}) do |f| %>

  <%= render 'errors/form_errors', object: @tenant %>



  <div id="login-form">

    <div class="field">

      <%= f.text_field :name, placeholder: "name" %>

    </div>

    </br>

    <div class="field">

      <%= f.email_field :email, placeholder: "email" %>

    </div>

    </br>

    <div class="field">

      <%= f.phone_field :phone, id: "phoneNumber", placeholder: "(XXX) XXX-XXXX", onkeypress:"return numberPressed(event);" %>

    </div>

    </br>



    <div class="field">

      <%= f.file_field :logo %> //WORKS FINE WITHOUT THIS FIELD!

    </div>



    <div class="actions">

      <%= f.submit id: "login-button", class: "btn-outline-primary", value: "Save",'data-disable-with':"Wait..." %>

    </div>

  </div>



<% end %>

....


additionally, here is the code that brings up the form. Not sure if it has any relevance.



This is the code in the file that brings up my form: edit.js.erb



closeLightbox();

$("body").prepend('<%= escape_javascript(render 'edit', tenant: @tenant) %>');


EDIT: I have found a solution, although I don't really understand why it is necessary. See answer below.






ruby-on-rails ruby devise csrf crud







share|improve this question




















  • 1





    Possible duplicate of WARNING: Can't verify CSRF token authenticity rails

    – vich
    Nov 26 '18 at 21:37
















0















I have (probably) a simple problem that I can't seem to wrap my head around.



I have a simple form to edit a tenant object in my rails application. It works as expected.



However, when I add the <%= f.file_field :logo %> line into my form, I get the Can't verify CSRF token authenticity. error.



My question:
Why does adding the file_field result in this CSRF error?



The form in question: 



....

<%= form_for(tenant,:html=>{:id=>"your_form_id",:multipart => true,:remote=>true}) do |f| %>

  <%= render 'errors/form_errors', object: @tenant %>



  <div id="login-form">

    <div class="field">

      <%= f.text_field :name, placeholder: "name" %>

    </div>

    </br>

    <div class="field">

      <%= f.email_field :email, placeholder: "email" %>

    </div>

    </br>

    <div class="field">

      <%= f.phone_field :phone, id: "phoneNumber", placeholder: "(XXX) XXX-XXXX", onkeypress:"return numberPressed(event);" %>

    </div>

    </br>



    <div class="field">

      <%= f.file_field :logo %> //WORKS FINE WITHOUT THIS FIELD!

    </div>



    <div class="actions">

      <%= f.submit id: "login-button", class: "btn-outline-primary", value: "Save",'data-disable-with':"Wait..." %>

    </div>

  </div>



<% end %>

....


additionally, here is the code that brings up the form. Not sure if it has any relevance.



This is the code in the file that brings up my form: edit.js.erb



closeLightbox();

$("body").prepend('<%= escape_javascript(render 'edit', tenant: @tenant) %>');


EDIT: I have found a solution, although I don't really understand why it is necessary. See answer below.






ruby-on-rails ruby devise csrf crud







share|improve this question




















  • 1





    Possible duplicate of WARNING: Can't verify CSRF token authenticity rails

    – vich
    Nov 26 '18 at 21:37














0












0








0








I have (probably) a simple problem that I can't seem to wrap my head around.



I have a simple form to edit a tenant object in my rails application. It works as expected.



However, when I add the <%= f.file_field :logo %> line into my form, I get the Can't verify CSRF token authenticity. error.



My question:
Why does adding the file_field result in this CSRF error?



The form in question: 



....

<%= form_for(tenant,:html=>{:id=>"your_form_id",:multipart => true,:remote=>true}) do |f| %>

  <%= render 'errors/form_errors', object: @tenant %>



  <div id="login-form">

    <div class="field">

      <%= f.text_field :name, placeholder: "name" %>

    </div>

    </br>

    <div class="field">

      <%= f.email_field :email, placeholder: "email" %>

    </div>

    </br>

    <div class="field">

      <%= f.phone_field :phone, id: "phoneNumber", placeholder: "(XXX) XXX-XXXX", onkeypress:"return numberPressed(event);" %>

    </div>

    </br>



    <div class="field">

      <%= f.file_field :logo %> //WORKS FINE WITHOUT THIS FIELD!

    </div>



    <div class="actions">

      <%= f.submit id: "login-button", class: "btn-outline-primary", value: "Save",'data-disable-with':"Wait..." %>

    </div>

  </div>



<% end %>

....


additionally, here is the code that brings up the form. Not sure if it has any relevance.



This is the code in the file that brings up my form: edit.js.erb



closeLightbox();

$("body").prepend('<%= escape_javascript(render 'edit', tenant: @tenant) %>');


EDIT: I have found a solution, although I don't really understand why it is necessary. See answer below.






ruby-on-rails ruby devise csrf crud







share|improve this question
















I have (probably) a simple problem that I can't seem to wrap my head around.



I have a simple form to edit a tenant object in my rails application. It works as expected.



However, when I add the <%= f.file_field :logo %> line into my form, I get the Can't verify CSRF token authenticity. error.



My question:
Why does adding the file_field result in this CSRF error?



The form in question: 



....

<%= form_for(tenant,:html=>{:id=>"your_form_id",:multipart => true,:remote=>true}) do |f| %>

  <%= render 'errors/form_errors', object: @tenant %>



  <div id="login-form">

    <div class="field">

      <%= f.text_field :name, placeholder: "name" %>

    </div>

    </br>

    <div class="field">

      <%= f.email_field :email, placeholder: "email" %>

    </div>

    </br>

    <div class="field">

      <%= f.phone_field :phone, id: "phoneNumber", placeholder: "(XXX) XXX-XXXX", onkeypress:"return numberPressed(event);" %>

    </div>

    </br>



    <div class="field">

      <%= f.file_field :logo %> //WORKS FINE WITHOUT THIS FIELD!

    </div>



    <div class="actions">

      <%= f.submit id: "login-button", class: "btn-outline-primary", value: "Save",'data-disable-with':"Wait..." %>

    </div>

  </div>



<% end %>

....


additionally, here is the code that brings up the form. Not sure if it has any relevance.



This is the code in the file that brings up my form: edit.js.erb



closeLightbox();

$("body").prepend('<%= escape_javascript(render 'edit', tenant: @tenant) %>');


EDIT: I have found a solution, although I don't really understand why it is necessary. See answer below.






ruby-on-rails ruby devise csrf crud




ruby-on-rails ruby devise csrf crud






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 27 '18 at 21:53







Joe Bauer

















asked Nov 26 '18 at 21:08









Joe BauerJoe Bauer

3911313




3911313








  • 1





    Possible duplicate of WARNING: Can't verify CSRF token authenticity rails

    – vich
    Nov 26 '18 at 21:37














  • 1





    Possible duplicate of WARNING: Can't verify CSRF token authenticity rails

    – vich
    Nov 26 '18 at 21:37








1




1





Possible duplicate of WARNING: Can't verify CSRF token authenticity rails

– vich
Nov 26 '18 at 21:37





Possible duplicate of WARNING: Can't verify CSRF token authenticity rails

– vich
Nov 26 '18 at 21:37












1 Answer
1






active

oldest

votes


















0














I found this in another thread, and it solves my problem:



I added the following to my form:



<%= token_tag(nil) %>





share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53489097%2fwhy-does-adding-a-file-field-to-my-form-cause-cant-verify-csrf-token%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    I found this in another thread, and it solves my problem:



    I added the following to my form:



    <%= token_tag(nil) %>





    share|improve this answer




























      0














      I found this in another thread, and it solves my problem:



      I added the following to my form:



      <%= token_tag(nil) %>





      share|improve this answer


























        0












        0








        0







        I found this in another thread, and it solves my problem:



        I added the following to my form:



        <%= token_tag(nil) %>





        share|improve this answer













        I found this in another thread, and it solves my problem:



        I added the following to my form:



        <%= token_tag(nil) %>






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 27 '18 at 21:54









        Joe BauerJoe Bauer

        3911313




        3911313
































            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53489097%2fwhy-does-adding-a-file-field-to-my-form-cause-cant-verify-csrf-token%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            A CLEAN and SIMPLE way to add appendices to Table of Contents and bookmarks

            Image
            0 I found a lot of questions abount appendices and ToC. Many users want appendices to be grouped in an Appendix part, however some problems arise with ToC, hyperref, PDF viewer bookmarks, and so on. There are different solutions which require extra packages, command patching and other extra code, however none of them satisfies me. I almost found an easy way to accomplish a good result, where appendices are added to bookmarks in the right way and hyperref links point to the right page. However, the number of the "Appendix" part page is wrong (it's the number of appendix A). Is there any EASY way to fix that? This is a MWE: documentclass{book} usepackage[nottoc,notlot,notlof]{tocbibind} usepackage{hyperref} begin{document} frontmatter tableofcontents mainmatter part{First} chapter{
            Read more

            Calculate evaluation metrics using cross_val_predict sklearn

            Image
            1 In the sklearn.model_selection.cross_val_predict page it is stated: Generate cross-validated estimates for each input data point. It is not appropriate to pass these predictions into an evaluation metric. Can someone explain what does it mean? If this gives estimate of Y (y prediction) for every Y (true Y), why can't I calculate metrics such as RMSE or coefficient of determination using these results? python scikit-learn cross-validation share | improve this question edited Nov 28 '18 at 17:52 desertnaut 20.3k 7 43 79
            Read more

            Insert data from modal to MySQL (multiple modal on website)

            Image
            0 I have problem with inserting data to MySQL from modal. My modal: <a href="#" class="badge badge-pill badge-success">6 komentarzy</a> <a href="#" class="badge badge-pill badge-danger">brak komentarzy</a> <a data-toggle="modal" href="#add_desk_comm_{$desk_['desk_id']}" data-target="#add_desk_comm_{$desk_['desk_id']}" class="ediiit">(dodaj)</a> <div class="modal fade" id="add_desk_comm_{$desk_['desk_id']}" tabindex="-1" role="dialog" aria-labelledby="edit_printer" aria-hidden="true"> <div class="modal-dialog" role="document">
            Read more