Java applets went out of fashion some years ago, and you don't see them very often now. But they still can be useful. We had a file upload problem that was not solved by plupload, uploadify, swfupload or any other common solutions. The answer was JumpLoader - with this we can upload files bigger than 2Gb, and it's got a host of other nice options and features. (Yeh, I know it may not be a good idea to try to send files >2Gb through a browser, but that's what we need to offer - and at least we can arrange to resume failures.) The downside is that it needs to be code-signed if you do not want your users to see a self signed certificate warning when they run it for the first time. Those certificates are quite expensive ($200 per year depending). But assuming that's not a problem, let's dive in and get it working with Rails 3. There are two things you need to send when posting a file upload to rails - the request forgery protection token in with the post params, and the cookie that identifies you in the header. Fortunately, JumpLoader offers us both possibilities. I've installed the java files in public/java.  So this is how my applet tag looks, in HAML: And the resulting tag in the HTML output: Here we have set the requestProperties to the session cookie, which ensures it is sent with the request headers. We also tell the applet to 'fireAppletInitialized' which is a javascript function. Here is the javascript from the head of the document, in ERB this time: This sets the token in a parameter that will be sent with the posted file. Now the upload should pass the csrf check. Note the 1 second delay before setting the parameter in the applet. This is because I was seeing hangs in Safari when setting the parameter directly from the appletInitialized function.