I'm experiencing the same issue when implementing Uploadify into a Rails 3.0.0.beta2 application. A comment and a question:
1) You shouldn't need to disable protect_from_forgery for uploads if you pass your session data to Uploadify, then back to Rails when you do the upload. But for the time being, disabling protect_from_forgery is the only way I've been able to get Uploadify to work too. 2) In order to insert middleware in Rails 3, add the following to config/application.rb: config.middleware.insert_before(ActionDispatch::Session::CookieStore, FlashSessionCookieMiddleware, ActionController::Base.session[:key]) However, ActionController::Base.session[:key] is no longer where session information is stored. I've tried accessing it with it with Rails.application.config.session_store[:key], looked through the source and docs. How do you access the session data in Rails 3? Thanks, Patrick On Feb 8, 11:24 pm, bshelton229 <[email protected]> wrote: > I've almost entirely converted a rails 2.3.5 app to 3pre. I'm having > some trouble with protect_from_forgery. I had protect_from_forgery set > in application_controller.rb, but run someuploadifyajax stuff in one > of my controllers, where I had protect_from_forgery, :except > => :add_file set. > > In rails 3 I'm getting ActionController::InvalidAuthenticityToken on > the ajax upload unless I turn off protect_from_forgery completely in > application_controller.rb. Seems like the exception in my FileUpload > controller (protect_from_forgery :except => :add_file) isn't taking. > > Has anyone else experienced this. Should I report a bug or am I doing > something wrong? > > Thanks in advance, > Bryan -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
