SammyLin / redactor-rails

This repo is deprecated. Please check out the official gem for Redactor 2: https://github.com/Redactor2/redactor2_rails
MIT License

CSRF Errors #5

computeus closed 12 years ago

computeus commented 12 years ago

I am getting CSRF errors with the photo upload.

Adding csrf-param option to the imageUpload url will be good.

Example code:

$('.redactor').redactor({
  "imageUpload": "/redactor_rails/pictures" + "?" + $('meta[name=csrf-param]').attr('content') + "=" + encodeURIComponent($('meta[name=csrf-token]').attr('content')),
  "imageGetJson": "/redactor_rails/pictures",
  "lang": "tr",
  "autoresize": true
});
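
The URL-building step from the snippet above, as an added example that is not part of the original thread or the gem's own code. The helper names `csrfFromMeta` and `uploadUrlWithCsrf`, the stub document and the sample token are constructed for illustration; the helpers fail on missing meta tags and percent-encode the base64 token so `+`, `/` and `=` survive the query string.

```javascript
// Added example: not code from redactor-rails or from the thread.
// csrfFromMeta and uploadUrlWithCsrf are hypothetical helper names.

// Read the Rails csrf_meta_tags values from a document-like object.
function csrfFromMeta(doc) {
  const read = (name) => {
    const el = doc.querySelector('meta[name="' + name + '"]');
    return el ? el.getAttribute('content') : null;
  };
  const param = read('csrf-param');
  const token = read('csrf-token');
  // Fail loudly rather than build "?undefined=undefined".
  if (!param || !token) {
    throw new Error('csrf-param / csrf-token meta tags not found');
  }
  return { param, token };
}

// Append the token to an upload URL, keeping any existing query and fragment.
function uploadUrlWithCsrf(url, csrf) {
  const hashAt = url.indexOf('#');
  const base = hashAt === -1 ? url : url.slice(0, hashAt);
  const hash = hashAt === -1 ? '' : url.slice(hashAt);
  const qAt = base.indexOf('?');
  const path = qAt === -1 ? base : base.slice(0, qAt);
  const query = qAt === -1 ? '' : base.slice(qAt + 1);
  // The token is base64: unencoded, "+" would be decoded as a space server-side.
  const key = encodeURIComponent(csrf.param);
  // Drop a stale copy of the parameter so the token is never sent twice.
  const kept = query.split('&').filter((p) => p && p.split('=')[0] !== key);
  kept.push(key + '=' + encodeURIComponent(csrf.token));
  return path + '?' + kept.join('&') + hash;
}

// Constructed stand-in for the browser document (sample token, not a real one).
const sampleDoc = {
  querySelector(sel) {
    const meta = { 'csrf-param': 'authenticity_token', 'csrf-token': 'aB3+/xyZ=' };
    const m = /^meta\[name="(.+)"\]$/.exec(sel);
    return m && meta[m[1]] ? { getAttribute: () => meta[m[1]] } : null;
  },
};

// In a page: imageUpload: uploadUrlWithCsrf('/redactor_rails/pictures', csrfFromMeta(document))
const demoUrl = uploadUrlWithCsrf('/redactor_rails/pictures', csrfFromMeta(sampleDoc));
console.log(demoUrl);
```

A token carried in the query string is written to server access logs and any intermediate proxy logs, so treat those logs as sensitive when using this workaround.
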
rubinsh commented 12 years ago

I am experiencing the same issue. I found it to happen in form-based file uploads. When using drag-and-drop, Ajax-based upload, there is no problem.

SammyLin commented 12 years ago

Thank you for the feedback. My redactor config (JavaScript) is created in a helper. As far as I know, the CSRF token can't be gotten in another project.

Now you can customize the redactor-rails config...

Next time I will move redactor.yml to JavaScript... because I know only JavaScript can get the CSRF token...

So... rubinsh, you can get computeus's example code...

rubinsh commented 12 years ago

@SammyLin - I don't understand what you want me to do. I don't have a working code example, as I have the same problem myself. I don't know how to add CSRF token to the js, so I can't give an example of a working code.

I looked again now, and I'm pretty sure that this post may help: https://github.com/galetahub/ckeditor/issues/36

since they've had the same problem with uploading images in CKEDITOR

@SammyLin - what do you think?

SammyLin commented 12 years ago

This is helpful for me. I will try to fix the issue.

@rubinsh Thanks a lot.

SammyLin commented 12 years ago

@rubinsh I fixed the issue: https://github.com/SammyLin/redactor-rails/commit/b98e274c63da1dca63cb09ee4052308c69c1a743 You can try gem "redactor-rails", "~> 0.3"

efairbanks commented 12 years ago

This still seems to be a problem. Using 0.3.2. When the "Choose File" button is clicked on the "Insert Image" dialog, it triggers the following warning:

"WARNING: Can't verify CSRF token authenticity"

This destroys the current session, which (in our case) causes a user to be logged out.

Drag-upload, however, works just fine.

joemsak commented 11 years ago

I'm on 0.3.3 and still have this issue with the Choose File button

Drag-and-drop also works fine