I've been banging my head against this wall trying to figure out what's going on and would appreciate the help of someone with more experience.

Here's what's going on,

I'm trying to use the ActiveStorage::DirectUploadsController to upload an image. Here's what my custom controller looks like:

class DirectUploadsController < ActiveStorage::DirectUploadsController
  # Should only allow null_session in API context, so request is JSON format
  protect_from_forgery with: :null_session, if: proc { |c| c.request.format == 'application/json' }

  before_action :authenticate_request

  private

  def authenticate_request
    user = AuthorizeApiRequest.call(request.headers).result
    render json: { error: 'Not Authorized' }, status: 401 unless user
  end
end

However, when hitting the endpoint with a jpeg, I get the following:

Started POST "/direct_uploads" for ::1 at 2020-04-17 17:42:40 -0400
Processing by DirectUploadsController#create as JSON
  Parameters: {"blob"=>{"filename"=>"image_picker_1249334B-5119-4F5E-91FB-99D55063495C-37712-0000F8C231364FA5.jpg", "content_type"=>"image/jpeg", "byte_size"=>1476387, "checksum"=>"33cpsUeaiJpTT+o6MkZlAQ=="}, "direct_upload"=>{"blob"=>{"filename"=>"image_picker_1249334B-5119-4F5E-91FB-99D55063495C-37712-0000F8C231364FA5.jpg", "content_type"=>"image/jpeg", "byte_size"=>1476387, "checksum"=>"33cpsUeaiJpTT+o6MkZlAQ=="}}}
Can't verify CSRF token authenticity.
  User Load (0.5ms)  SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT ?  [["id", 1], ["LIMIT", 1]]
  ↳ app/commands/authorize_api_request.rb:19:in `user'
   (0.1ms)  begin transaction
  ActiveStorage::Blob Create (1.5ms)  INSERT INTO "active_storage_blobs" ("key", "filename", "content_type", "byte_size", "checksum", "created_at") VALUES (?, ?, ?, ?, ?, ?)  [["key", "2qcdc5dzs615rkxf5xgptki4l5pe"], ["filename", "image_picker_1249334B-5119-4F5E-91FB-99D55063495C-37712-0000F8C231364FA5.jpg"], ["content_type", "image/jpeg"], ["byte_size", 1476387], ["checksum", "33cpsUeaiJpTT+o6MkZlAQ=="], ["created_at", "2020-04-17 21:42:41.075445"]]
   (10.2ms)  commit transaction
  Disk Storage (4.8ms) Generated URL for file at key: 2qcdc5dzs615rkxf5xgptki4l5pe (http://localhost:3000/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDVG9JYTJWNVNTSWhNbkZqWkdNMVpIcHpOakUxY210NFpqVjRaM0IwYTJrMGJEVndaUVk2QmtWVU9oRmpiMjUwWlc1MFgzUjVjR1ZKSWc5cGJXRm5aUzlxY0dWbkJqc0dWRG9UWTI5dWRHVnVkRjlzWlc1bmRHaHBBeU9IRmpvTlkyaGxZMnR6ZFcxSkloMHpNMk53YzFWbFlXbEtjRlJVSzI4MlRXdGFiRUZSUFQwR093WlUiLCJleHAiOiIyMDIwLTA0LTE3VDIxOjQ3OjQxLjExMVoiLCJwdXIiOiJibG9iX3Rva2VuIn19--b2c1b25a821e7ef4b150012ad33d28e5bb6752e8)
Completed 200 OK in 439ms (Views: 1.9ms | ActiveRecord: 14.4ms | Allocations: 20173)

Started PUT "/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDVG9JYTJWNVNTSWhNbkZqWkdNMVpIcHpOakUxY210NFpqVjRaM0IwYTJrMGJEVndaUVk2QmtWVU9oRmpiMjUwWlc1MFgzUjVjR1ZKSWc5cGJXRm5aUzlxY0dWbkJqc0dWRG9UWTI5dWRHVnVkRjlzWlc1bmRHaHBBeU9IRmpvTlkyaGxZMnR6ZFcxSkloMHpNMk53YzFWbFlXbEtjRlJVSzI4MlRXdGFiRUZSUFQwR093WlUiLCJleHAiOiIyMDIwLTA0LTE3VDIxOjQ3OjQxLjExMVoiLCJwdXIiOiJibG9iX3Rva2VuIn19--b2c1b25a821e7ef4b150012ad33d28e5bb6752e8" for ::1 at 2020-04-17 17:42:41 -0400
Processing by ActiveStorage::DiskController#update as HTML
  Parameters: {"encoded_token"=>"eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDVG9JYTJWNVNTSWhNbkZqWkdNMVpIcHpOakUxY210NFpqVjRaM0IwYTJrMGJEVndaUVk2QmtWVU9oRmpiMjUwWlc1MFgzUjVjR1ZKSWc5cGJXRm5aUzlxY0dWbkJqc0dWRG9UWTI5dWRHVnVkRjlzWlc1bmRHaHBBeU9IRmpvTlkyaGxZMnR6ZFcxSkloMHpNMk53YzFWbFlXbEtjRlJVSzI4MlRXdGFiRUZSUFQwR093WlUiLCJleHAiOiIyMDIwLTA0LTE3VDIxOjQ3OjQxLjExMVoiLCJwdXIiOiJibG9iX3Rva2VuIn19--b2c1b25a821e7ef4b150012ad33d28e5bb6752e8"}
Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms | Allocations: 218)

It looks like the first request succeeds, then an internal call is made from within the ActiveStorage gem that fails. I've done some digging, and the only similar issue I could find is here: https://github.com/rails/rails/issues/34058

It seems this check fails, causing the 422: https://github.com/rails/rails/blob/bfea0af4ba7d717d6a065b4370e3ccfd8869dde6/activestorage/app/controllers/active_storage/disk_controller.rb#L22-L26

After debugging, it seems this check is failing: token[:content_length] == request.content_length, because token[:content_length] is correct but request.content_length is 0.

I'm not really sure where to look next, I think I found the source of the request but content_length is set correctly from what I can tell. Any idea what's going on?

I'm making the request from a Flutter frontend using this package: https://pub.dev/packages/active_storage/. I'd love to test the API directly using Postman but I can't seem to find any info on the request format.


Solution 1: Lee

In case you still have this issue, I forked the active_storage library, to set a Content-Length header as the file is being streamed to Rails. Fork is available here: https://github.com/leesus/dart-active-storage