RoR InvalidAuthenticityToken with Active Storage direct upload

Question

I am trying to use rails active storage to directly upload to an Amazon s3 bucket. However, let's treat this as directly uploading when the storage medium is the local disk, because I can't get that to work either.

I am unable to do this without ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): errors.

I have followed this guide exactly: https://guides.rubyonrails.org/active_storage_overview.html#direct-uploads

I have even gone so far as to disable csrf application wide with this line of code in my application_controller.rb skip_before_action :verify_authenticity_token

This only happens when I have direct_upload: true in my form.

Here is my form:

<%= form_with url: messages_path do |form| %> <%= form.label 'Upload' %> <%= form.file_field :audio_message, class: 'form-control', direct_upload: true, :required => true%> <%= form.submit 'Upload file', class: 'form-control' %> <% end %>

Answer 1

Looks like ajax submit did not pick up the token. You can try either one of these:

1. Tell the form to embed token <%= form_with url: messages_path, authenticity_token: true...%>

2. add config.action_view.embed_authenticity_token_in_remote_forms = true in config

See if they help you. My guess is purely from this: https://edgeapi.rubyonrails.org/classes/ActionView/Helpers/FormHelper.html#method-i-form_with