Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Headers passed to ActiveStorageProvider don't make it to DirectUploadProvider #22

Closed
CaptainLexington opened this issue Feb 28, 2019 · 5 comments
Closed

Headers passed to ActiveStorageProvider don't make it to DirectUploadProvider #22

CaptainLexington opened this issue Feb 28, 2019 · 5 comments

Comments

@CaptainLexington
Copy link

I've been passing a headers prop to ActiveStorageProvider, but the request to direct_upload doesn't have those headers. When I put a breakpoint in addHeaders in Upload.js, this.options.headers is undefined - but when I put that breakpoint in ActiveStorageProvider's render method in index.js, headers has the correct value when it's destructured on line 51 - it's just not passed down or used anywhere. Is this the desired behavior? The documentation is not clear.
@cbothner
Copy link
Owner

cbothner commented Feb 28, 2019
edited

Thanks for opening this issue. You’re right that the documentation isn’t clear on this.

That was the desired behavior; headers was destructured in order not to pass it down. My thinking was that in a standard Rails app the ActiveStorage::DirectUploadsController doesn’t expect any custom headers, but that your model’s controllers often will. I don’t feel strongly, however, and I’m open to reconsidering, provided it doesn’t mess up the default case.

Can you provide a little more detail about your use case? Are you using a custom direct uploads controller? What headers are you hoping to pass through?

@CaptainLexington
Copy link
Author

We're just trying to authenticate with our direct_uploads route. I'm not very familiar with ActiveStorage, but the back-end guy tells me that ActiveStorage usually depends on a CSRF token that's embedded when the page is rendered, but since we're using not using Rails for serving our SPA that token isn't available. We want to use our normal authentication token for this, but we're open to other strategies. What do other Rails/React users normally do?

@cbothner
Copy link
Owner

cbothner commented Feb 28, 2019
edited

ActiveStorage does depend on the CSRF token, which @rails/activestorage (which this library uses) looks for (in a meta tag in the document head) and includes automatically.

Since you’re not using Rails to serve the SPA, I see why you’re looking for another way to authenticate the uploads. I think the approach you’re considering is reasonable, and probably how most in your situation will do it.

I’m going to test with my vanilla ActiveStorage setup just to make sure unnecessary headers won’t cause any problems, then I’ll change this library to pass the headers as you’ve suggested.

@cbothner cbothner mentioned this issue Feb 28, 2019
Merged
@cbothner
Copy link
Owner

Released as v0.8.0

@CaptainLexington
Copy link
Author

Wow, thank you so much!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@CaptainLexington @cbothner