You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Sep 22, 2022. It is now read-only.
After resuming a previously interrupted upload, MrUploader passes the old request params, from the original request.
The problem this causes in Rails. Rails has cross-site-forgery protection using a CSRF Token that it passes in the request parameters.
While upload is in progress, interrupt it by logging out. Log back in. At this point, that user has a new CSRF Token embedded in the HTML of their pages. Upload the same file again using MrUploader. MrUploader passes the old CSRF Token from the original upload. The upload proceeds to 100%, then fails - because the CSRF Tokens don't match. When that happens, we have our site set to redirect to the login page. That 302 redirect response crashes MrUploader [because of issue #3].
The text was updated successfully, but these errors were encountered:
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
After resuming a previously interrupted upload, MrUploader passes the old request params, from the original request.
The problem this causes in Rails. Rails has cross-site-forgery protection using a CSRF Token that it passes in the request parameters.
While upload is in progress, interrupt it by logging out. Log back in. At this point, that user has a new CSRF Token embedded in the HTML of their pages. Upload the same file again using MrUploader. MrUploader passes the old CSRF Token from the original upload. The upload proceeds to 100%, then fails - because the CSRF Tokens don't match. When that happens, we have our site set to redirect to the login page. That 302 redirect response crashes MrUploader [because of issue #3].
The text was updated successfully, but these errors were encountered: