ProgerXP / FileDrop

Self-contained cross-browser pure JavaScript class for Drag & Drop and AJAX (multi) file upload.
filedropjs.org
The Unlicense

file.type doesn't seem to work for several files #68

Open trinitrotoluene76 opened 6 years ago

trinitrotoluene76 commented 6 years ago

Hi, I'm testing FileDrop and I have noticed that the file type function doesn't work for several files:

The PHP function mime_content_type() retrieves those files.

ProgerXP commented 6 years ago

What do you mean exactly? I don't understand you.

trinitrotoluene76 commented 6 years ago

In basic.html, if I try alert('file type is: '+file.type); in files.each(function (file) {...} the alert box contains "file type is: " when I upload the README.md for example, instead of "file type is: text/markdown". For most file extensions it's OK, but not for the ones quoted.

ProgerXP commented 6 years ago

The type comes from the browser which in turn detects it based on file extension. It's usually bad practice to rely on this property since it's not portable and depends on browser version.

trinitrotoluene76 commented 6 years ago

I tested with Chrome 60.0.3112.101 (Build officiel) (64 bits). What is the best practice to detect the MIME type before upload?

ProgerXP commented 6 years ago

type depends on file extension so it's trivial to fake. You have two options:

  1. Validate file data before upload by reading a few first bytes and comparing them with well-known signatures for file types you need (e.g. JPEG). Google for them, they're available.
  2. Validate it after upload using any of the plenty PHP functions.

trinitrotoluene76 commented 6 years ago

Thanks for the reply. I knew that it's trivial to fake, but I thought to put a first verification on the client side to avoid bad files by mistake and a second verification on the server side with your method for example.

ProgerXP commented 6 years ago

Yes, that could be used but type is unreliable anyway because one browser might report one file type as something, another browser will report the same type as something else, or even two different versions of the same browser may work differently.

If you intend to validate common formats like images then you can definitely rely on type. If you want it for things like md or 7z then it's a bad idea and you'd better implement a simple signature check as I have described above (should not be hard with FileDrop).

trinitrotoluene76 commented 6 years ago

OK, crystal clear now, thanks
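
The client-side signature check suggested in the thread, as an added example (not FileDrop's code and not posted by anyone in the issue): it reads the first bytes of a native File/Blob and compares them with well-known signatures, and treats md/txt, which have no signature, as NUL-free valid UTF-8. The function names, extension lists and the 512-byte head size are assumptions made for the example.

```javascript
// Added example; names, extension lists and HEAD_BYTES are assumptions.
const SIGNATURES = [
  { type: 'image/jpeg', ext: ['jpg', 'jpeg'], magic: [0xFF, 0xD8, 0xFF] },
  { type: 'image/png', ext: ['png'],
    magic: [0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A] },
  { type: 'image/gif', ext: ['gif'], magic: [0x47, 0x49, 0x46, 0x38] }, // "GIF8"
  { type: 'application/x-7z-compressed', ext: ['7z'],
    magic: [0x37, 0x7A, 0xBC, 0xAF, 0x27, 0x1C] },
];
const TEXT_EXT = ['md', 'txt']; // formats with no signature to compare
const HEAD_BYTES = 512;

// Return the signature entry whose magic bytes prefix `bytes`, or null.
function matchSignature(bytes) {
  return SIGNATURES.find(s => bytes.length >= s.magic.length &&
    s.magic.every((b, i) => bytes[i] === b)) || null;
}

// Text heuristic: no NUL bytes and valid UTF-8. `stream: true` tolerates a
// multi-byte character cut in half by the HEAD_BYTES boundary.
function looksLikeText(bytes) {
  if (bytes.includes(0)) return false;
  try {
    new TextDecoder('utf-8', { fatal: true }).decode(bytes, { stream: true });
    return true;
  } catch (e) {
    return false;
  }
}

// Compare what the content is with what the file name claims.
function checkHead(fileName, bytes) {
  const dot = fileName.lastIndexOf('.');
  const ext = dot < 0 ? '' : fileName.slice(dot + 1).toLowerCase();
  const sig = matchSignature(bytes);
  if (sig) return { ok: sig.ext.includes(ext), detected: sig.type };
  if (TEXT_EXT.includes(ext) && looksLikeText(bytes)) {
    return { ok: true, detected: 'text/plain' };
  }
  return { ok: false, detected: null };
}

// Browser entry point: `file` is a native File/Blob, e.g. from a drop event.
async function checkFile(file) {
  const head = new Uint8Array(await file.slice(0, HEAD_BYTES).arrayBuffer());
  return checkHead(file.name, head);
}
```

A renamed file is caught because the detected signature no longer matches the extension; the same comparison belongs on the server, where the client cannot skip it.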