I am using railwayjs and I am trying to upload files. I am doing it using an iframe to enable independent ajax uploads. (disabled multipart parser and am planning to use formidable directly)
I am copying the csrf_token from the meta tags from the application_layout and appending it to the file upload form as a hidden input field. This is done using jquery on the frontend dynamically while uploading each file.
However, the server says 'incorrect authenticity token'. I would like to check the token that I am sending with the copy held by the server. Where in the stack is this done.
As a last resort how do I disable it, is it even advisable?
Well it's old, but you just have to add <%- csrf_tag() %> to your form :)