pushtype / push_type

PushType is a modern, open source content management system for Ruby on Rails.
http://www.pushtype.org

InvalidAuthenticityToken when uploading media in Rails 5.2 #49

Open ryenski opened 6 years ago

ryenski commented 6 years ago

After upgrading to Rails 5.2, media are no longer able to be uploaded. Oddly, it raises an InvalidAuthenticityToken.

Steps to reproduce:

  1. Create a fresh Rails 5.1.5 app and install PushType.
  2. Uploads work as expected.
  3. Upgrade to Rails 5.2.0.rc2 (or 5.2.0.rc1) and bundle update.
  4. Uploads will raise InvalidAuthenticityToken.

Started POST "/admin/media/upload" for 127.0.0.1 at 2018-03-20 16:49:32 -0500
Processing by PushType::Admin::AssetsController#upload as */*
  Parameters: {"asset"=>{"file"=>#<ActionDispatch::Http::UploadedFile:0x007f8ef8a69558 @tempfile=#<Tempfile:/var/folders/3k/2mpqytlj7rlg88q_htm991rc0000gn/T/RackMultipart20180320-46614-94jhp2.jpg>, @original_filename="thumbnail-wide.jpg", @content_type="image/jpeg", @headers="Content-Disposition: form-data; name=\"asset[file]\"; filename=\"thumbnail-wide.jpg\"\r\nContent-Type: image/jpeg\r\n">}}
Can't verify CSRF token authenticity.
Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

actionpack (5.2.0.rc2) lib/action_controller/metal/request_forgery_protection.rb:211:in `handle_unverified_request'
actionpack (5.2.0.rc2) lib/action_controller/metal/request_forgery_protection.rb:243:in `handle_unverified_request'
devise (4.4.3) lib/devise/controllers/helpers.rb:255:in `handle_unverified_request'
actionpack (5.2.0.rc2) lib/action_controller/metal/request_forgery_protection.rb:238:in `verify_authenticity_token'
activesupport (5.2.0.rc2) lib/active_support/callbacks.rb:426:in `block in make_lambda'
activesupport (5.2.0.rc2) lib/active_support/callbacks.rb:198:in `block (2 levels) in halting'
actionpack (5.2.0.rc2) lib/abstract_controller/callbacks.rb:34:in `block (2 levels) in <module:Callbacks>'
activesupport (5.2.0.rc2) lib/active_support/callbacks.rb:199:in `block in halting'
activesupport (5.2.0.rc2) lib/active_support/callbacks.rb:513:in `block in invoke_before'
activesupport (5.2.0.rc2) lib/active_support/callbacks.rb:513:in `each'
activesupport (5.2.0.rc2) lib/active_support/callbacks.rb:513:in `invoke_before'
activesupport (5.2.0.rc2) lib/active_support/callbacks.rb:131:in `run_callbacks'
actionpack (5.2.0.rc2) lib/abstract_controller/callbacks.rb:41:in `process_action'
actionpack (5.2.0.rc2) lib/action_controller/metal/rescue.rb:22:in `process_action'
actionpack (5.2.0.rc2) lib/action_controller/metal/instrumentation.rb:34:in `block in process_action'
activesupport (5.2.0.rc2) lib/active_support/notifications.rb:168:in `block in instrument'
activesupport (5.2.0.rc2) lib/active_support/notifications/instrumenter.rb:23:in `instrument'
activesupport (5.2.0.rc2) lib/active_support/notifications.rb:168:in `instrument'
actionpack (5.2.0.rc2) lib/action_controller/metal/instrumentation.rb:32:in `process_action'
actionpack (5.2.0.rc2) lib/action_controller/metal/params_wrapper.rb:256:in `process_action'
activerecord (5.2.0.rc2) lib/active_record/railties/controller_runtime.rb:24:in `process_action'
actionpack (5.2.0.rc2) lib/abstract_controller/base.rb:134:in `process'
actionview (5.2.0.rc2) lib/action_view/rendering.rb:32:in `process'
actionpack (5.2.0.rc2) lib/action_controller/metal.rb:191:in `dispatch'
actionpack (5.2.0.rc2) lib/action_controller/metal.rb:252:in `dispatch'
actionpack (5.2.0.rc2) lib/action_dispatch/routing/route_set.rb:52:in `dispatch'
actionpack (5.2.0.rc2) lib/action_dispatch/routing/route_set.rb:34:in `serve'
actionpack (5.2.0.rc2) lib/action_dispatch/journey/router.rb:52:in `block in serve'
actionpack (5.2.0.rc2) lib/action_dispatch/journey/router.rb:35:in `each'
actionpack (5.2.0.rc2) lib/action_dispatch/journey/router.rb:35:in `serve'
actionpack (5.2.0.rc2) lib/action_dispatch/routing/route_set.rb:840:in `call'
railties (5.2.0.rc2) lib/rails/engine.rb:524:in `call'
railties (5.2.0.rc2) lib/rails/railtie.rb:190:in `public_send'
railties (5.2.0.rc2) lib/rails/railtie.rb:190:in `method_missing'
actionpack (5.2.0.rc2) lib/action_dispatch/routing/mapper.rb:19:in `block in <class:Constraints>'
actionpack (5.2.0.rc2) lib/action_dispatch/routing/mapper.rb:48:in `serve'
actionpack (5.2.0.rc2) lib/action_dispatch/journey/router.rb:52:in `block in serve'
actionpack (5.2.0.rc2) lib/action_dispatch/journey/router.rb:35:in `each'
actionpack (5.2.0.rc2) lib/action_dispatch/journey/router.rb:35:in `serve'
actionpack (5.2.0.rc2) lib/action_dispatch/routing/route_set.rb:840:in `call'
dragonfly (1.1.4) lib/dragonfly/middleware.rb:14:in `call'
warden (1.2.7) lib/warden/manager.rb:36:in `block in call'
warden (1.2.7) lib/warden/manager.rb:35:in `catch'
warden (1.2.7) lib/warden/manager.rb:35:in `call'
rack (2.0.4) lib/rack/tempfile_reaper.rb:15:in `call'
rack (2.0.4) lib/rack/etag.rb:25:in `call'
rack (2.0.4) lib/rack/conditional_get.rb:38:in `call'
rack (2.0.4) lib/rack/head.rb:12:in `call'
actionpack (5.2.0.rc2) lib/action_dispatch/http/content_security_policy.rb:18:in `call'
rack (2.0.4) lib/rack/session/abstract/id.rb:232:in `context'
rack (2.0.4) lib/rack/session/abstract/id.rb:226:in `call'
actionpack (5.2.0.rc2) lib/action_dispatch/middleware/cookies.rb:670:in `call'
activerecord (5.2.0.rc2) lib/active_record/migration.rb:559:in `call'
actionpack (5.2.0.rc2) lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
activesupport (5.2.0.rc2) lib/active_support/callbacks.rb:98:in `run_callbacks'
actionpack (5.2.0.rc2) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
actionpack (5.2.0.rc2) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (5.2.0.rc2) lib/action_dispatch/middleware/debug_exceptions.rb:61:in `call'
web-console (3.5.1) lib/web_console/middleware.rb:135:in `call_app'
web-console (3.5.1) lib/web_console/middleware.rb:28:in `block in call'
web-console (3.5.1) lib/web_console/middleware.rb:18:in `catch'
web-console (3.5.1) lib/web_console/middleware.rb:18:in `call'
actionpack (5.2.0.rc2) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
railties (5.2.0.rc2) lib/rails/rack/logger.rb:38:in `call_app'
railties (5.2.0.rc2) lib/rails/rack/logger.rb:26:in `block in call'
activesupport (5.2.0.rc2) lib/active_support/tagged_logging.rb:71:in `block in tagged'
activesupport (5.2.0.rc2) lib/active_support/tagged_logging.rb:28:in `tagged'
activesupport (5.2.0.rc2) lib/active_support/tagged_logging.rb:71:in `tagged'
railties (5.2.0.rc2) lib/rails/rack/logger.rb:26:in `call'
sprockets-rails (3.2.1) lib/sprockets/rails/quiet_assets.rb:13:in `call'
actionpack (5.2.0.rc2) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
actionpack (5.2.0.rc2) lib/action_dispatch/middleware/request_id.rb:27:in `call'
rack (2.0.4) lib/rack/method_override.rb:22:in `call'
rack (2.0.4) lib/rack/runtime.rb:22:in `call'
activesupport (5.2.0.rc2) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
dragonfly (1.1.4) lib/dragonfly/cookie_monster.rb:9:in `call'
actionpack (5.2.0.rc2) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (5.2.0.rc2) lib/action_dispatch/middleware/static.rb:127:in `call'
rack (2.0.4) lib/rack/sendfile.rb:111:in `call'
railties (5.2.0.rc2) lib/rails/engine.rb:524:in `call'
puma (3.11.3) lib/puma/configuration.rb:225:in `call'
puma (3.11.3) lib/puma/server.rb:624:in `handle_request'
puma (3.11.3) lib/puma/server.rb:438:in `process_client'
puma (3.11.3) lib/puma/server.rb:302:in `block in run'
puma (3.11.3) lib/puma/thread_pool.rb:120:in `block in spawn_thread'
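
A log-triage sketch for the failure shown in the report above, added here as an example (not code from this thread or from PushType): it folds Rails log lines into requests and lists the endpoints rejected with "Can't verify CSRF token authenticity.", so a regression on one endpoint stands out from scattered rejections. The sample log is constructed from the excerpt in the report, and the code assumes the sequential, untagged log format shown there.

```ruby
# SAMPLE_LOG is constructed for this example from the excerpt in the report;
# ExampleController and the 203.0.113.7 client are made up.
SAMPLE_LOG = <<~LOG
  Started GET "/example" for 127.0.0.1 at 2018-03-20 16:49:30 -0500
  Processing by ExampleController#index as HTML
  Completed 200 OK in 35ms (ActiveRecord: 1.2ms)
  Started POST "/admin/media/upload" for 127.0.0.1 at 2018-03-20 16:49:32 -0500
  Processing by PushType::Admin::AssetsController#upload as */*
  Can't verify CSRF token authenticity.
  Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)
  Started POST "/admin/media/upload" for 203.0.113.7 at 2018-03-20 16:50:01 -0500
  Processing by PushType::Admin::AssetsController#upload as */*
  Can't verify CSRF token authenticity.
  Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)
LOG

STARTED    = /\AStarted (?<verb>[A-Z]+) "(?<path>[^"]*)" for (?<ip>\S+) at /
PROCESSING = /\AProcessing by (?<action>\S+) as (?<format>\S+)\z/
COMPLETED  = /\ACompleted (?<status>\d{3}) /
CSRF_FAIL  = "Can't verify CSRF token authenticity."

# Fold sequential, untagged log lines into one hash per request.
def parse_requests(log)
  requests = []
  log.each_line(chomp: true) do |raw|
    line = raw.strip
    if (m = STARTED.match(line))
      requests << { verb: m[:verb], path: m[:path], ip: m[:ip], csrf_rejected: false }
    elsif requests.empty?
      next # ignore output that precedes the first request
    elsif (m = PROCESSING.match(line))
      requests.last.update(action: m[:action], format: m[:format])
    elsif line.start_with?(CSRF_FAIL)
      requests.last[:csrf_rejected] = true
    elsif (m = COMPLETED.match(line))
      requests.last[:status] = m[:status].to_i
    end
  end
  requests
end

# Rejected requests grouped by endpoint, with the client addresses seen.
def csrf_rejections(log)
  rejected = parse_requests(log).select { |r| r[:csrf_rejected] }
  rejected.group_by { |r| r.values_at(:verb, :path, :action, :format) }.map do |endpoint, reqs|
    { endpoint: endpoint, count: reqs.size, ips: reqs.map { |r| r[:ip] }.uniq }
  end
end
csrf_rejections(SAMPLE_LOG).each { |r| puts r.inspect }
```
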

aaronrussell commented 6 years ago

I had a quick go trying to recreate this but couldn't. There is a new release out which is Rails 5.2 compatible - maybe you could try with that?

https://rubygems.org/gems/push_type/versions/0.12.0.beta.1

Let me know if this issue persists and we can dig deeper.

juliancheal commented 5 years ago

Hi, just tested this PR https://github.com/pushtype/push_type/pull/53 with Rails 5.2.3 and `push_type 0.12.0.beta.1`, and it seems to work. 👍

Just trying to find a fix for https://github.com/pushtype/push_type/pull/53#issuecomment-426184596