The manual uploads didn't look like it would work as it is coming from the 
local filesystem.  My guess is you mean I should just pull it from 
request.vars with no form on my side.  That just might work.
Thanks for the help.


On Thursday, May 10, 2012 1:28:46 PM UTC+3, Anthony wrote:
>
>> Is this correct? I think I can't do this with default settings as there 
>> is something stopping CSRF attacks, right?
>>
>
> If your get_file function creates a web2py form and calls form.process(), 
> then by default it will add a _formkey token to the form for CSRF 
> protection -- if that key is not present upon submission, the form will not 
> be accepted. To prevent that, you can just do form.process(session=None). 
> You could also forego the web2py form processing and just handle the upload 
> manually (http://web2py.com/books/default/chapter/29/6#Manual-uploads). 
> On the other hand, if you still want the CSRF protection, you could call 
> the get_file function via Ajax from the main page in order to set and get 
> the _formkey token, and then configure nicEdit to post the _formkey value 
> along with the file (if it can do that). Another option might be using a 
> digitally signed URL for get_file (
> http://web2py.com/books/default/chapter/29/4#Digitally-signed-urls).
>
> Anthony
>
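
An added illustration of the last option in the quoted reply (not part of the thread, and not web2py's implementation): a stand-alone sketch of how an HMAC-signed URL lets get_file reject posts the server did not issue for the current session. The per-session key, the `/app/default/get_file` path, the `_signature` parameter name and the helper names are assumptions; in web2py the corresponding calls are `URL(..., hmac_key=key)` and `URL.verify(request, hmac_key=key)`.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qsl


def new_session_key():
    """Per-session secret, kept server-side (assumption: stored in the session)."""
    return secrets.token_bytes(32)


def _mac(key, path, params):
    # Sort the parameters so the same query always yields the same MAC.
    msg = path + "?" + urlencode(sorted(params))
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()


def sign_url(key, path, params=()):
    """Return path?query&_signature=<hex HMAC>, to embed in the editor page."""
    params = list(params)
    signed = params + [("_signature", _mac(key, path, params))]
    return path + "?" + urlencode(signed)


def verify_url(key, url):
    """True only if the URL carries exactly one valid signature for this key."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    sigs = [v for k, v in params if k == "_signature"]
    if len(sigs) != 1:  # missing or duplicated signature
        return False
    rest = [(k, v) for k, v in params if k != "_signature"]
    expected = _mac(key, parts.path, rest)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(sigs[0].encode(), expected.encode())


if __name__ == "__main__":
    key = new_session_key()  # constructed sample values below
    url = sign_url(key, "/app/default/get_file", [("editor", "nicEdit")])
    print(url, verify_url(key, url))
    print(verify_url(new_session_key(), url))  # another session's key fails
```

Deriving the key per session is what gives this a CSRF property: with one static application-wide key, a URL signed for any user verifies for every user.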
