InvalidToken for a Flash upload

Hi,

I am developping a small Flash app to upload multiple files with a
progress bar in a Rails site.

Rails handles the server side. I have a controller that displays the
view containing the flash, and it also provides a security token to the
flash. The Flash gets it and send it back to the server in the HTTP
request that contains the file to upload.

Big surprise : it works perfectly in Internet Explorer… but not in
Firefox nor in Opera. :S

For Firefox and Opera, I get a
ActionController::InvalidAuthenticityToken in the console.

I display the token in text in the console, in the view html and in the
flash, and the token doesn’t seem to be altered (though I had to
CGI.escape the token to get it right in Flash, and escape it again in
Flash to send it back, just because of the “+” that the token can
contains).

This is what the console shows for Firefox :

Token from controller = ayZ/bR7r2W3qg61NIspeOsU0N/VBqHqjWamkRtQG+s4=
←[4;36;1mSQL (0.0ms)←[0m ←[0;1mSET SQL_AUTO_IS_NULL=0←[0m

Processing UploadController#form (for 127.0.0.1 at 2010-08-01 13:12:25)
[GET]
Rendering upload/form
Completed in 11ms (View: 9, DB: 0) | 200 OK [http://localhost/]
←[4;35;1mSQL (0.0ms)←[0m ←[0mSET SQL_AUTO_IS_NULL=0←[0m

Processing UploadController#index (for 127.0.0.1 at 2010-08-01 13:12:29)
[POST]
Parameters: {“Filename”=>“Screenshot-14.jpg”,
“authenticity_token”=>“ayZ/bR7r2
W3qg61NIspeOsU0N/VBqHqjWamkRtQG+s4=”, “Upload”=>“Submit Query”,
“Filedata”=>#<File:C:/Users/Lily/AppData/Local/Temp/RackMultipart.4856.0>}

ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticit
yToken):

And now for Internet Explorer :

Token from controller = i1irXTa0JqlbBNTlfcRwFYdQ24L8yhTBQFWESSrSEZg=
g=&=]
←[4;35;1mSQL (0.0ms)←[0m ←[0mSET SQL_AUTO_IS_NULL=0←[0m

Processing UploadController#form (for 127.0.0.1 at 2010-08-01 13:15:02)
[GET]
Rendering upload/form
Completed in 4ms (View: 2, DB: 0) | 200 OK [http://localhost/]
ost/]
←[4;36;1mSQL (0.0ms)←[0m ←[0;1mSET SQL_AUTO_IS_NULL=0←[0m

Processing UploadController#index (for 127.0.0.1 at 2010-08-01 13:15:19)
[POST]
Parameters: {“Filename”=>“MobilePhone_Icon.jpg”,
“authenticity_token”=>“i1irXT
a0JqlbBNTlfcRwFYdQ24L8yhTBQFWESSrSEZg=”, “Upload”=>“Submit Query”,
“Filedata”=>#<File:C:/Users/Lily/AppData/Local/Temp/RackMultipart.4
856.2>}
Completed in 8ms (View: 1, DB: 0) | 200 OK
[http://localhost/upload?authenticity
_token=i1irXTa0JqlbBNTlfcRwFYdQ24L8yhTBQFWESSrSEZg=]

Could someone help me about this ? I searched quite a while on the net
for an explaination; I found some people fix for Swfupload and
Uploadify/Paperclip but couldn’t get a solution out of it.

(I’m using Rails 2.3.5 and Ruby 1.8.6 on this project, the Flash
application is in ActionScript 3 compiled for the player 10)

Lily :slight_smile: wrote:

Hi,

I am developping a small Flash app to upload multiple files with a
progress bar in a Rails site.

Rails handles the server side. I have a controller that displays the
view containing the flash, and it also provides a security token to the
flash. The Flash gets it and send it back to the server in the HTTP
request that contains the file to upload.

Big surprise : it works perfectly in Internet Explorer… but not in
Firefox nor in Opera. :S

For Firefox and Opera, I get a
ActionController::InvalidAuthenticityToken in the console.

I display the token in text in the console, in the view html and in the
flash, and the token doesn’t seem to be altered (though I had to
CGI.escape the token to get it right in Flash, and escape it again in
Flash to send it back, just because of the “+” that the token can
contains).

This is what the console shows for Firefox :

Token from controller = ayZ/bR7r2W3qg61NIspeOsU0N/VBqHqjWamkRtQG+s4=
←[4;36;1mSQL (0.0ms)←[0m ←[0;1mSET SQL_AUTO_IS_NULL=0←[0m

Processing UploadController#form (for 127.0.0.1 at 2010-08-01 13:12:25)
[GET]
Rendering upload/form
Completed in 11ms (View: 9, DB: 0) | 200 OK [http://localhost/]
←[4;35;1mSQL (0.0ms)←[0m ←[0mSET SQL_AUTO_IS_NULL=0←[0m

Processing UploadController#index (for 127.0.0.1 at 2010-08-01 13:12:29)
[POST]
Parameters: {“Filename”=>“Screenshot-14.jpg”,
“authenticity_token”=>“ayZ/bR7r2
W3qg61NIspeOsU0N/VBqHqjWamkRtQG+s4=”, “Upload”=>“Submit Query”,
“Filedata”=>#<File:C:/Users/Lily/AppData/Local/Temp/RackMultipart.4856.0>}

ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticit
yToken):

And now for Internet Explorer :

Token from controller = i1irXTa0JqlbBNTlfcRwFYdQ24L8yhTBQFWESSrSEZg=
g=&=]
←[4;35;1mSQL (0.0ms)←[0m ←[0mSET SQL_AUTO_IS_NULL=0←[0m

Processing UploadController#form (for 127.0.0.1 at 2010-08-01 13:15:02)
[GET]
Rendering upload/form
Completed in 4ms (View: 2, DB: 0) | 200 OK [http://localhost/]
ost/]
←[4;36;1mSQL (0.0ms)←[0m ←[0;1mSET SQL_AUTO_IS_NULL=0←[0m

Processing UploadController#index (for 127.0.0.1 at 2010-08-01 13:15:19)
[POST]
Parameters: {“Filename”=>“MobilePhone_Icon.jpg”,
“authenticity_token”=>“i1irXT
a0JqlbBNTlfcRwFYdQ24L8yhTBQFWESSrSEZg=”, “Upload”=>“Submit Query”,
“Filedata”=>#<File:C:/Users/Lily/AppData/Local/Temp/RackMultipart.4
856.2>}
Completed in 8ms (View: 1, DB: 0) | 200 OK
[http://localhost/upload?authenticity
_token=i1irXTa0JqlbBNTlfcRwFYdQ24L8yhTBQFWESSrSEZg=]

Could someone help me about this ? I searched quite a while on the net
for an explaination; I found some people fix for Swfupload and
Uploadify/Paperclip but couldn’t get a solution out of it.

(I’m using Rails 2.3.5 and Ruby 1.8.6 on this project, the Flash
application is in ActionScript 3 compiled for the player 10)

Still searching for a solution, if anyone could help. I really searched
the web and found some tips but I still couldn’t find out a solution.
The upload stills work with IE and not with other browser. I read
somewhere that it could be a problem of session id and tried this fix
that supposed to override the middleware. But I don’t think I understand
what my Flash should eventually send to work…

require ‘rack/utils’

class FlashSessionCookieMiddleware
def initialize(app, session_key = ‘_session_id’)
@app = app
@session_key = session_key
end

def call(env)
if env[‘HTTP_USER_AGENT’] =~ /^(Adobe|Shockwave) Flash/
puts “***** yeaaahh I’m in the condition !”
puts "***** Session key is : " + @session_key.to_s + " and @app :
" + @app.to_s
params = ::Rack::Utils.parse_query(env[‘QUERY_STRING’])
env[‘HTTP_COOKIE’] = [ @session_key, params[‘session_key’]
].join(’=’).freeze unless params[‘session_key’].nil?
end
@app.call(env)
end
end

By the way, this fix doesn’t change that IE works anyway, and not FF nor
Opera…

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs