Rails 4 Error 422 on heroku with ajax button

My Rails 4 app works fine locally but when I deploy to heroku I keep getting the error “422 Unprocessable Entity” for a particular ajax request:

<%= button_to update_profile_picture_path(
                params: {
                  picid:    standardpicture.id,
                  callsign: character.callsign,
                  authenticity_token: form_authenticity_token # doesn't work with or without this
              class: 'btn btn-default btn-xs',
              remote: true do %>
  <span class="glyphicon glyphicon-user" aria-hidden="true"></span>
<% end %>


which hits this controller action:

def update_profile
  @character = Character.find_by(callsign: params[:callsign])
  standardpicture = Picturething.find_by(id: params[:picid])
  @character.profilepicture.picture = standardpicture.picture.profile
  respond_to do |format|
    format.html do
      redirect_to @character.sociable


I’ve done everything suggested on SO:


protect_from_forgery # doesn't work with with: :exception or with: :null_session



<%= csrf_meta_tags %>


I’ve also tried deleting cookies and clearing the cache.

request headers

X-Runtime 3.023140
Date Mon, 21 Dec 2015 12:20:28 GMT
Via 1.1 vegur
Server Cowboy
Strict-Transport-Security max-age=31536000
Content-Type text/html; charset=utf-8
Connection keep-alive
Content-Length 1334
X-Request-Id b4217519-49d0-4719-ad19-283b7160d6cd
Content-Type application/x-www-form-urlencoded; charset=UTF-8
Accept */*;q=0.5, text/javascript, application/javascript, application/ecmascript, application/x-ecmascript
X-Requested-With XMLHttpRequest


Does anyone have any idea how to fix this?

My Rails 4 app works fine locally but when I deploy to heroku I keep getting
the error "422 Unprocessable Entity" for a particular ajax request:

Have a look in production.log and you should get more information.


Ok, here are the local logs and the production logs. While the local logs don’t have any errors the production logs are complaining about the line



in the controller.

local logs:

Started POST “/update_profile_picture?authenticity_token=q7pjfNN0v6matLmOvEY6O78cZ20aZNf9bVnOerV38we0dU317%2BRUeeA0OOOdinBkhCFy9XkzWnPlf%2BRvX6Sj6w%3D%3D&callsign=bazley&picid=2” for ::1 at 2015-12-21 20:10:10 +0000
Processing by PicturethingsController#update_profile as JS
Parameters: {“authenticity_token”=>“q7pjfNN0v6matLmOvEY6O78cZ20aZNf9bVnOerV38we0dU317+RUeeA0OOOdinBkhCFy9XkzWnPlf+RvX6Sj6w==”, “callsign”=>“bazley”, “picid”=>“2”}
Character Load (0.3ms) SELECT “characters”.* FROM “characters” WHERE “characters”.“callsign” = $1 LIMIT 1 [[“callsign”, “bazley”]]
Picturething Load (0.4ms) SELECT “picturethings”.* FROM “picturethings” WHERE “picturethings”.“id” = $1 LIMIT 1 [[“id”, 2]]
Picturething Load (0.8ms) SELECT “picturethings”.* FROM “picturethings” WHERE “picturethings”.“character_profile_id” =$1 LIMIT 1 [[“character_profile_id”, 1]]
(1.6ms) BEGIN
SQL (4.6ms) DELETE FROM “picturethings” WHERE “picturethings”.“id” = $1 [[“id”, 18]]
(3.8ms) COMMIT
(0.2ms) BEGIN
SQL (5.3ms) INSERT INTO “picturethings” (“character_profile_id”, “picture”, “created_at”, “updated_at”) VALUES ($1, $2,$3, $4) RETURNING “id” [[“character_profile_id”, 1], [“picture”, “profile_GOT1.jpeg”], [“created_at”, “2015-12-21 20:10:11.624407”], [“updated_at”, “2015-12-21 20:10:11.624407”]]
(0.4ms) COMMIT
Rendered picturethings/update_profile.js.erb (0.6ms)
Completed 200 OK in 786ms (Views: 4.4ms | ActiveRecord: 17.5ms)


Production logs:

2015-12-21T20:07:48.576449+00:00 app[web.1]: Started POST “/update_profile_picture?authenticity_token=Ubzl991xI%2FZwp8ZVxBRRxJZ060yLqQwgd4Oyz0m3r4bAc5Ofoa0U3JzsmVdKyocZXiLxLAVgvTexZymqOTZVHA%3D%3D&callsign=bazley&picid=1” for217.38.149.159 at 2015-12-21 20:07:48 +0000
2015-12-21T20:07:48.579647+00:00 app[web.1]: Processing by PicturethingsController#update_profile as JS
2015-12-21T20:07:48.579670+00:00 app[web.1]: Parameters: {“authenticity_token”=>“Ubzl991xI/Zwp8ZVxBRRxJZ060yLqQwgd4Oyz0m3r4bAc5Ofoa0U3JzsmVdKyocZXiLxLAVgvTexZymqOTZVHA==”, “callsign”=>“bazley”, “picid”=>“1”}
2015-12-21T20:07:49.565800+00:00 heroku[router]: at=info method=POST path="/update_profile_picture?authenticity_token=Ubzl991xI%2FZwp8ZVxBRRxJZ060yLqQwgd4Oyz0m3r4bAc5Ofoa0U3JzsmVdKyocZXiLxLAVgvTexZymqOTZVHA%3D%3D&callsign=bazley&picid=1" host=websmash.herokuapp.com request_id=bd512b7f-9475-474a-a27b-265a558b5653 fwd=""dyno=web.1 connect=0ms service=975ms status=422 bytes=1607
2015-12-21T20:07:49.545882+00:00 app[web.1]: Completed 422 Unprocessable Entity in 966ms (ActiveRecord: 9.1ms)
2015-12-21T20:07:49.549053+00:00 app[web.1]:
2015-12-21T20:07:49.549058+00:00 app[web.1]: ActiveRecord::RecordInvalid (Validation failed: Picture Failed to manipulatewith MiniMagick, maybe it is not an image? Original Error: Command (“identify -quiet -ping /tmp/mini_magick20151221-12-kc1te5.jpg”) failed: {:status_code=>1, :output=>"identify.im6: Not a JPEG file: starts with 0x23 0x3c /tmp/mini_magick20151221-12-kc1te5.jpg' @ error/jpeg.c/JPEGErrorHandler/316.\n"}): 2015-12-21T20:07:49.549060+00:00 app[web.1]: app/controllers/picturethings_controller.rb:12:in update_profile’



has_many :standardpictures, class_name: “Picturething”,
inverse_of: :character,
foreign_key: “character_standard_id”,
dependent: :destroy
accepts_nested_attributes_for :standardpictures

has_one :profilepicture, class_name: “Picturething”,
inverse_of: :character,
foreign_key: “character_profile_id”,
dependent: :destroy
accepts_nested_attributes_for :profilepicture



belongs_to :character, class_name: “Character”,
inverse_of: :standardpictures,
foreign_key: :character_standard_id
belongs_to :character, class_name: “Character”,
inverse_of: :profilepicture,
foreign_key: :character_profile_id
mount_uploader :picture, CharacterpicUploader



include CarrierWave::MiniMagick
process resize_to_limit: [900, 900]
version :profile do
process resize_to_fill: [230, 230]

Choose what kind of storage to use for this uploader:

if Rails.env.production?
storage :fog
storage :file

Override the directory where uploaded files will be stored.

This is a sensible default for uploaders that are meant to be mounted:

def store_dir


At first glance it looks like MiniMagik doesn’t think the file a a jpeg. I don’t understand yet, I shall investigate further now, but that’s the latest!


Removing MiniMagick partially solves the problem - the ajax request goes through without error, returning this js:

$('#profilepic').html('<img src=\"https://websmash.s3.amazonaws.com/uploads/picturething/picture/5/baz1.jpg\" alt=\"baz1\" />')


However the picture doesn’t show up, there’s just a broken link saying ‘baz1’.

If you put that link straight into the browser you will see that
apparently amazon does not recognise websmash. I have never used
amazon aws so I can't say exactly what the problem may be.


I apologise, I have been fiddling with my heroku apps. If you put the link straight into the browser you get this:


This XML file does not appear to have any style information associated with it. The document tree is shown below.


Access Denied



So open your S3 console and fix your permissions :slight_smile:

Ok, I’ve been reading about Amazon bucket ACLs and their permissions. I’m not clear on the following.
My objectives are simple: I have created a website in which users can sign in, make posts, upload photos etc. Firstly, which group should I choose (Anyone; Any authenticated AWS user; log delivery; Me; Bazley). Which of these represents “anyone signed in and using my website”?

Secondly, what level of permissions should I give this group? (Read; Write; Read_ACP; Write_ACP)