ruby-on-rails-3 – Paperclip宝石触发CSRF令牌验证问题

#story.rb

class Story < ActiveRecord::Base

  attr_accessible :title,:user_id,:username,:posts_attributes

  belongs_to    :user
  has_many      :posts,:dependent  =>  :destroy,:order => "created_at DESC"

  accepts_nested_attributes_for :posts,:reject_if => lambda { |t| t['contents'].nil? }

end

#post.rb

class Post < ActiveRecord::Base

  attr_accessible :contents,:photo,:dimensions

  belongs_to    :story,:touch => true
  belongs_to    :user,:touch => true

  has_attached_file :photo,:styles => { 
                      :medium => { :geometry => "400x400>" },:thumb => { :geometry => "100x100>" },},:processors => [:thumbnail],:storage => :s3,:s3_credentials => "#{Rails.root.to_s}/config/s3.yml",:path => "/:style/:id/:filename"


  before_save   :extract_dimensions

  serialize   :dimensions

  validates   :contents,:presence   => true,:length         => {  :maximum => 399,:minimum => 5 } 
  validates   :user_id,:presence => true

  validates_attachment_content_type :photo,:content_type => ['image/jpeg','image/png','image/gif','image/jpg'],:message => "Sorry,we don't support that type of image format"

end

如您所见,帖子可能附有照片附件.我使用回形针来管理这些附件.

我生成使用javascript / jquery在客户端上动态发布这些帖子的表单.我的问题是这个. . .如果帖子不包含照片附件,一切都可以完美. IF,但是,如果POST有照片附件,我收到以下错误消息,该帖子不POST：

WARNING: Can't verify CSRF token authenticity
  User Load (0.5ms)  SELECT "users".* FROM "users" WHERE "users"."id" = 61 LIMIT 1
   (0.3ms)  BEGIN
   (0.2ms)  COMMIT
Completed 401 Unauthorized in 238ms

结果,我的会话数据被破坏,我甚至不能看到与Firebug的请求头. put请求根本不会出现在firebug中.

现在,毫不奇怪,我可以在PostController中解决以下问题：

skip_before_filter :verify_authenticity_token,:only => [:create]

但我不想放弃这种安全.我也尝试通过js / jquery将CSRF头添加到我的表单中：

jQuery.ajaxSetup({ 
  beforeSend: function(xhr) {
    xhr.setRequestHeader('X-CSRF-Token',$('Meta[name="csrf-          
            token"]').attr('content'));
  }
});

但是这并不能解决问题,正如我上面所说的,我甚至看不到请求头数据来看头.

任何人都可以看出纸夹是否触发问题的原因？