Open Deleplace opened 8 years ago
See former mobile app hard-coded limit: #85
Then drop the mobile app hard-coded limit? Or set it high? Or manage it somehow?
Note that we currently don't have control over what is sent to, and received by, the GCS servers pointed to by the signed uploadUrls. Thus, we rely on cooperative behavior between mobile app and backend, to declare intended size of upload, so it can be denied even before the uploadUrl is created.
The final enforcement problem remains. Read http://stackoverflow.com/questions/17704362/enforcing-object-max-size-and-content-mime-type-within-signed-upload-urls for a possible solution.
But a "policy document" applies to a POST, not to a PUT :(
Nacho says it can be applied to a PUT.
So it can be configured dynamically by service admin, instead of hard-coded in mobile app. This doesn't change much for security concerns (cheaters gonna cheat).
The resource size must be checked by service /new-gcs-urls. This means that the app would provide it as a parameter.
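An added example, not part of the original issue or the project's code: a sketch in Python of the declared-size check that /new-gcs-urls would run before creating an upload URL. The function name, the 20 MiB limit and the parameter format are assumptions; `x-goog-content-length-range` is the GCS XML API request header that limits the content length of a PUT, and it only enforces anything when the backend includes it among the signed headers of the URL.

```python
# Added example: hypothetical admission check for /new-gcs-urls (not project code).
from dataclasses import dataclass, field

# Assumed admin-configured limit; a real service would load it from its settings.
MAX_UPLOAD_BYTES = 20 * 1024 * 1024


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    # Headers the backend would bind into the signed PUT URL when allowed.
    required_headers: dict = field(default_factory=dict)


def check_declared_size(raw_size, max_bytes=MAX_UPLOAD_BYTES):
    """Decide whether to issue an upload URL for the size the app declared."""
    if raw_size is None or not str(raw_size).strip():
        return Decision(False, "missing size parameter")
    text = str(raw_size).strip()
    # Plain ASCII decimal digits only: rejects "-1", "1e9", "0x10", "١٢٣".
    if not (text.isascii() and text.isdigit()) or len(text) > 15:
        return Decision(False, "size is not a plain byte count")
    size = int(text)
    if size == 0:
        return Decision(False, "empty upload")
    if size > max_bytes:
        return Decision(False, f"declared {size} bytes exceeds limit {max_bytes}")
    # The declaration is cooperative. Signing this header with the URL makes
    # GCS reject a PUT whose body is larger than what was declared.
    return Decision(True, "ok", {"x-goog-content-length-range": f"0,{size}"})


if __name__ == "__main__":
    # Constructed sample parameters, as the app might send them.
    for sample in ["1048576", "-1", str(MAX_UPLOAD_BYTES + 1), None]:
        print(repr(sample), check_declared_size(sample))
```
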