Uploading files larger than 70kb CSRF Mismatch error in Sails.js using skipper-gridfs adapter

55 views
Skip to first unread message

Mitchel Blais

unread,
Aug 20, 2016, 1:31:34 PM8/20/16
to sails.js
I am using sails version 0.12.3 and skipper-gridfs and when I upload a file larger than 70kb I get a CSRF Mismatch error. Why is that? I have tried to set the headers with the CSRF Token however that does not seem to work. 

Here is my form:

<form id="uploadForm" enctype="multipart/form-data" action="/UploadProfileImg/upload" method="post" style="margin-left: 10px">
      <h2 style="text-align: center">Upload Profile Image...</h2>
      <input type="hidden" name="id" value="<%= req.session.User.id %>" /><br/>
<!-- Select Profile Image File Button -->
<div class="input-group" style="width: 40%; margin: 0 auto;">
 <span class="input-group-btn">
   <span class="btn btn-info" onclick="$(this).parent().find('input[type=file]').click();">Browse</span>
   <input name="uploadFile" onchange="$(this).parent().parent().find('.form-control').html($(this).val().split(/[\\|/]/).pop());" style="display: none;" type="file">
 </span>
</div><br/>
    <input type="submit" value="submit" class="btn btn-primary" style="display: block; margin: 0 auto"/>
    <input type="hidden" id="csrfField" name="_csrf" value="<%= _csrf %>" />
</form>

And here is my code to upload the files in my upload controller

upload: function(req, res) {
console.log(req.param('_csrf'));
   if (req.method === 'GET')
       return res.json({ 'status': 'GET not allowed' });
   // Call to /upload via GET is error
   var uploadFile = req.file('uploadFile');

   uploadFile.upload({
     adapter: require('skipper-gridfs'),
     uri: 'mongodb://localhost:27017/reaam.user',
     headers: { 
    'X-CSRF-TOKEN': req.param('_csrf') 
    }
     
   }, function (err, filesUploaded) {

     if (err) return res.negotiate(err);
     //console.log(filesUploaded[0].extra);
     var userId = req.session.User.id;
     var userObj = {
      //Adds the encrypted filename to user.profileimage field record for user being edited
profileimage: filesUploaded[0].extra.fd 
};

      User.update(userId, userObj, function userUpdated(err){
if(err){
res.json(err);
}
});  
     return res.redirect('/user/show/' + req.param('id'));
   }); 
}



Reply all
Reply to author
Forward
0 new messages