[API] Direct upload endpoint returns 422 with Bearer token authentication

[robzolkos]

The /rails/active_storage/direct_uploads endpoint documented in https://github.com/basecamp/fizzy/blob/main/docs/API.md#attaching-files-to-rich-text returns a 422 Unprocessable Entity error when using Bearer token authentication.

Steps to reproduce:

curl -X POST \
  -H "Authorization: Bearer <valid_token>" \
  -H "Content-Type: application/json" \
  -d '{"blob":{"filename":"test_image.png","byte_size":321,"checksum":"tBdTQLEGIyHyePewXSEi2w==","content_type":"image/png"}}' \
    https://app.fizzy.do/rails/active_storage/direct_uploads

Expected behavior:

Returns JSON with direct_upload URL and signed_id as documented.

Actual behavior:

Returns 422 Unprocessable Entity HTML error page.

Notes:

• The token works correctly for all other API endpoints
• Multipart file uploads to regular endpoints (e.g., user[avatar], card[image]) work fine
• Only the Active Storage direct upload endpoint fails

[monorkin]

Good catch @robzolkos , I'll take a look at this tomorrow.

[jankeesvw]

Ah, I'm running into the same issue here. I created a PR, maybe you can look at #2065.

[monorkin]

Fixed this in #2079