This project is archived and is in readonly mode.
multipart/form-data and maemo browser
Reported by beam | November 19th, 2009 @ 09:17 AM
Invalid parameters from muptiptart/form-data form sended with Maemo Browser #
How to reproduce
rails test
cd test/
./script/generate controller test index
cat > app/views/test/index.html.erb << EOF
<html>
<head>
</head>
<body>
<form method="post" enctype="multipart/form-data">
<input type="hidden" name="authenticity_token" value="<%= form_authenticity_token %>" />
<input type="submit" value="submit" />
</form>
</body>
</html>
EOF
./script/server -b 192.168.1.10
Now you need to brows to http://192.168.1.10:3000/test/index
with maemo browser and press submit
button, and you get InvalidAuthenticityToken and
this as a parameter list:
Parameters: {"authenticity_token"=>#<File:/tmp/RackMultipart20091119-15972-7huy2e-0>}
With firefox or IE or opera:
Parameters: {"authenticity_token"=>"FgGZ+7GZ+jEcOOAoAa0Cx7ExgghWDtxFUe8VWlVyQLU="}
Some info
with maemo browser we have:
POST /test/index HTTP/1.1
Host: 10.2.14.101:3000
User-Agent: Mozilla/5.0 (X11; U; Linux armv6l; ru-RU; rv:1.9a6pre) Gecko/20080828 Firefox/3.0a1 Tablet browser 0.3.7 RX-34+RX-44+RX-48_DIABLO_5.2008.43-7
Accept: text/xml,application/xml,application/atom+xml,application/rss+xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: ru
Accept-Encoding: gzip,deflate
Keep-Alive: 300
Connection: keep-alive
Referer: http://10.2.14.101:3000/test/index
Cookie: _razor_session=BAh7BzoQX2NzcmZfdG9rZW4iMXBxQU9FL0xpeUc3dTZwUjFqUkd4UXg3SXNNRmFwSTlzQUMySnhxODRVYWM9Og9zZXNzaW9uX2lkIiVhODliYjQ4OWZiZmZjZTBjNGIxODk3ZGYzZTAxNzhmOQ%3D%3D--e426041a2498b3dbceefb4bf1b3f0f9b867c6ebd; _test_session=BAh7BzoQX2NzcmZfdG9rZW4iMStRbkNRRkRpc2lQb1QwNHlqNStiajhwYW5rRlpCOWZDWG5ONzJweXJxaFE9Og9zZXNzaW9uX2lkIiU1YTdiNjY1ZTRjOGJjYTVkMTFlM2QwOTExOTM0NzlhMQ%3D%3D--e48d25c9bd1302af1a1c8e66db94ff028b0b5287
Content-Type: multipart/form-data; boundary=---------------------------110252005920448977631967513926
Content-Length: 272
-----------------------------110252005920448977631967513926
Content-Type: text/plain; charset=UTF-8
Content-Disposition: form-data; name="authenticity_token"
FgGZ+7GZ+jEcOOAoAa0Cx7ExgghWDtxFUe8VWlVyQLU=
-----------------------------110252005920448977631967513926--
with firefox we have:
POST /test/index HTTP/1.1
Host: 10.2.14.101:3000
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.4) Gecko/20091030 Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20051111 Firefox/1.5 BAVM/1.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://10.2.14.101:3000/test/index
Cookie: _test_session=BAh7BzoQX2NzcmZfdG9rZW4iMStRbkNRRkRpc2lQb1QwNHlqNStiajhwYW5rRlpCOWZDWG5ONzJweXJxaFE9Og9zZXNzaW9uX2lkIiU1YTdiNjY1ZTRjOGJjYTVkMTFlM2QwOTExOTM0NzlhMQ%3D%3D--e48d25c9bd1302af1a1c8e66db94ff028b0b5287
Content-Type: multipart/form-data; boundary=---------------------------122499984610046910981719608194
Content-Length: 231
-----------------------------122499984610046910981719608194
Content-Disposition: form-data; name="authenticity_token"
FgGZ+7GZ+jEcOOAoAa0Cx7ExgghWDtxFUe8VWlVyQLU=
-----------------------------122499984610046910981719608194--
Comments and changes to this ticket
-
-
Mike Riley July 29th, 2010 @ 03:34 PM
- State changed from “new” to “resolved”
- Importance changed from “” to “”
Hello,
I see the link to the rack google group and your listing of this as invalid. I am going to close this out as resolved. If this is incorrect, let us know so we can investigate further.
Mike Riley
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
<h2 style="font-size: 14px">Tickets have moved to Github</h2>
The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>
beam
Jeremy Kemper
Mike Riley