ActionController::InvalidAuthenticityToken while uploading in rails 3.0.3

I am using Ruby 1.8.7 and Rails 3.0.3.

When I upload a file I get following error:

ActionController::InvalidAuthenticityToken

I tried adding followings to my model file:

1. protect_from_forgery :only => [:create, :up开发者_如何学JAVAdate, :destroy]

2. skip_before_filter :verify_authenticity_token

   How to solve it?

Check the HTML in your form and ensure that there's an element like <input name="authenticity_token" type="hidden" value="some_long_random_string" />.

If you're not using rails' form helpers or you're bypassing them with javascript somehow, you're not going to get that token in the request. That leaves you to choose between disabling the forgery protection or fixing your forms.

I just had this problem and fixed it by ensuring that <%= csrf_meta_tag %> is included wherever an html head section is defined.

This problem arose for me when I started using custom layouts and accidentally forgot to include that token.

If you define the html head section in the view itself, the csrf meta tag needs to be included there to.