Weird behavior when checking sessions in Rails on POST

I got a strange error in Rails. I am creating an application in which users can register and upload files. Everything works, but when I want to download any file, the code in my application controller to check the active session does not work, because it cannot access the session array:

    def current_user
      if session[:session].nil? # <- Fails here
        redirect_to "/login"
      else
        if session[:hash] == Digest::SHA512.hexdigest(session[:password]+" - "+session[:username]+" - "+session[:uuid]) # <- and here (removing the other if) with NoMethodError
          return 0
        else
          redirect_to "/login"
        end
      end
    end

This works for other things, but apparently breaks on POST requests. This is my HAML view for uploading files:

    %b Upload
    %form{:action=>"/u",:method=>"post",:enctype=>"multipart/form-data"}
      %br
      %input{:type=>"file",:name=>"file"}
      %input{:type=>"submit",:value=>"Upload"}

What am I doing wrong? Also, on POST requests I get this in the application log: WARNING: Can't verify CSRF token authenticity

+4
3 answers

Apparently I had to add this:

 %input{:type=>"hidden", :name=>"authenticity_token", :value=>form_authenticity_token.to_s} 

into my HAML form, now everything works well and no more WARNING: Can't verify CSRF token authenticity :)

+7

It seems like you are missing the authenticity token that Rails creates to prevent cross-site request forgery. Check the generated HTML to make sure the token is present. If it is not, this problem occurs because the default behavior of Rails 3, when the token is missing or does not match, is to reset the session.

EDIT: Hmm, the problem is that you did not use the Rails helper. You use just haml there.

0
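
The behaviour this answer describes, as an added example that is not part of the original thread and is not Rails source code: a simplified plain-Ruby model in which a non-GET request without a matching authenticity_token has its session cleared, so the question's `session[:session].nil?` check sends the user to /login. `ToySession`, `handle` and `logged_in_session` are hypothetical names, and the session values are constructed sample data.

```ruby
require 'securerandom'

# Simplified model (an assumption, not Rails source) of the Rails 3 default:
# a non-GET request whose authenticity_token is missing or wrong has its
# session reset before the controller action runs.
class ToySession < Hash
  # Per-session CSRF token, created on first use and stored in the session.
  def csrf_token
    self[:_csrf_token] ||= SecureRandom.base64(32)
  end
end

# Constant-time comparison so the check does not leak the token via timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# True if the request passes the CSRF check; GET requests are not checked.
def verified_request?(session, http_method, params)
  return true if http_method == 'GET'
  secure_compare(session.csrf_token, params['authenticity_token'].to_s)
end

# Hypothetical stand-in for the CSRF filter followed by the question's
# current_user check. Returns :ok or the redirect target.
def handle(session, http_method, params)
  session.clear unless verified_request?(session, http_method, params)
  session[:session].nil? ? '/login' : :ok
end

# Constructed sample data: a session for a logged-in user.
def logged_in_session
  s = ToySession.new
  s[:session] = 'abc123'
  s[:username] = 'alice'
  s
end

if __FILE__ == $PROGRAM_NAME
  s = logged_in_session
  token = s.csrf_token
  p handle(s, 'POST', { 'authenticity_token' => token }) # form with the hidden field
  p handle(s, 'GET', {})                                 # GET is not checked
  p handle(s, 'POST', {})                                # the question's form: no token
  p s                                                    # session contents after the reset
end
```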

In case someone decides to use the html helper inside the form:

  <%= hidden_field_tag('authenticity_token', form_authenticity_token.to_s)%> 
0

Source: https://habr.com/ru/post/1398646/

