Unprocessable entity upon an asset upload


(Prabhakar Kumar) #1

I am trying to upload an image asset by dragging and dropping it in the “Pick Media” dialog’s “Upload” tab and I get a JavaScript alert saying Unprocessable Entity.

Upon diving into the logs I find the following:

Started POST "/admin/media/upload" for 127.0.0.1 at 2018-07-21 19:09:57 +0530
Processing by PushType::Admin::AssetsController#upload as */*
  Parameters: {"asset"=>{"file"=>#<ActionDispatch::Http::UploadedFile:0x00007fafce040710 @tempfile=#<Tempfile:/tmp/RackMultipart20180721-15182-x4p97e.jpg>, @original_filename="header.jpg", @content_type="image/jpeg", @headers="Content-Disposition: form-data; name=\"asset[file]\"; filename=\"header.jpg\"\r\nContent-Type: image/jpeg\r\n">}}
Can't verify CSRF token authenticity.
Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

It appears that in the upload call, csrf-token is not passed.
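
The diagnosis above, as an added example that is not part of the original thread, PushType's code or pull request #53: a JavaScript upload helper that reads Rails' `csrf-token` meta tag and sends it as the `X-CSRF-Token` header, only on same-origin, state-changing requests. The function names and the `doc` / `pageOrigin` parameters are assumptions, as is the admin layout rendering `csrf_meta_tags`; the path and field name are taken from the log.

```javascript
// Added example, not PushType's code. Assumes the admin layout renders
// Rails' csrf_meta_tags: <meta name="csrf-token" content="...">.

// Read the per-session token Rails placed in the page head.
function readCsrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  return meta ? meta.getAttribute('content') : null;
}

// Methods Rails does not run the authenticity check on.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Build headers for an XHR/fetch call. The token is attached only to
// state-changing, same-origin requests so it is never sent to another host.
function csrfHeaders(doc, method, targetUrl, pageOrigin) {
  const headers = {};
  if (SAFE_METHODS.has(method.toUpperCase())) return headers;
  const target = new URL(targetUrl, pageOrigin);
  if (target.origin !== new URL(pageOrigin).origin) return headers;
  const token = readCsrfToken(doc);
  if (!token) {
    // Fail in the client instead of sending a request Rails will answer with 422.
    throw new Error('csrf-token meta tag missing');
  }
  headers['X-CSRF-Token'] = token;
  return headers;
}

// Hypothetical helper for the drag-and-drop handler: posts the dropped file
// as asset[file], the parameter name shown in the log.
function uploadAsset(doc, file, pageOrigin, fetchImpl = fetch) {
  const body = new FormData();
  body.append('asset[file]', file, file.name);
  return fetchImpl('/admin/media/upload', {
    method: 'POST',
    credentials: 'same-origin', // send the session cookie the token is bound to
    headers: csrfHeaders(doc, 'POST', '/admin/media/upload', pageOrigin),
    body,
  });
}
```

In a browser the call would be `uploadAsset(document, droppedFile, window.location.origin)`.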


(Prabhakar Kumar) #2

I have created pull request #53 to fix this.


(Epipheus) #3

Yeah, your pull request doesn’t fully fix the problem unfortunately. It still fails if you try updating the assets and occasionally it still happens upon upload. I added a note to the issue.

This is a serious usability issue. As in, PushType isn’t very usable with this csrf bug.