Upload not working on Brave

[djyotta]

Introduction

On Brave Version 1.66.110 Chromium: 125.0.6422.60 (Official Build) (64-bit) On debian

brave-browser/stable,now 1.66.110 amd64 [installed]
  The web browser from Brave

To Reproduce

Use this page:

SELECT 'form' AS component, 'Upload' AS validate;
SELECT 'Upload' AS value, '' AS label, 'hidden' AS type, 'action' AS name;
SELECT 'content' AS name, 'file' AS type, '' AS label;

Try upload with firefox

Firefox 126.0 (64-bit) (work for me). MXLinux pkg:

firefox/mx,now 126.0~mozillabinaries-1mx21+1 amd64 [installed]
  The Firefox web browser

On the file I tried, the POST payload was like this:

-----------------------------12033294501313551660708751435
Content-Disposition: form-data; name="action"

Upload
-----------------------------12033294501313551660708751435
Content-Disposition: form-data; name="content"; filename="Visitor Enrolment to Full Enrolment.docx"
Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document

PK��  MX���������������_rels/.rels­ÒÁJ1à{Ÿb™{w¶UDd³½ˆÐ›H}€Ìî›LH¦ZßÞP
ºPVÁ3ùçç#¤Ýý¾z§”«ºŠ‚aë àu÷´¼‡M·h_h¯¥Dòèb®ÊNÈ
F‘ø€˜ÍH^çš#…rÓsòZÊ1
µyÓáºiî0ýì€nÒYm­‚´µ+¨vŸ‘þ׍žD[-
-- truncated and possibly mojibaked by my copy paste, but much data followed and I trust is correct (haven't confirmed)

Then with brave

I tried with and without brave shields up/down

Brave Version 1.66.110 Chromium: 125.0.6422.60 (Official Build) (64-bit) Debian pkg

brave-browser/stable,now 1.66.110 amd64 [installed]
  The web browser from Brave

On brave, the POST payload looks like this: This is the full output - there is no data (well, looks like maybe just a blank line):

------WebKitFormBoundaryjZTpHwaPMWnyd7l3
Content-Disposition: form-data; name="action"

Upload
------WebKitFormBoundaryjZTpHwaPMWnyd7l3
Content-Disposition: form-data; name="content"; filename="Visitor Enrolment to Full Enrolment.docx"
Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document

------WebKitFormBoundaryjZTpHwaPMWnyd7l3--

Expected behavior

I expect upload to work on Brave.

I have not tested google chrome or chromium. It would be great if someone could confirm if this is working on other chromium based browsers.

Version information

• OS: MXLinux
• Database: N/A
• SQLPage Version: 0.20.5

[lovasoa]

It looks like it's not the same file in both cases. Can you share a screenshot, and the file you are trying this with?

[djyotta]

I did use the same file, but copy pasted the wrong data. I've updated the Brave example with the same file.

[lovasoa]

This sounds like a bug in brave, doesn't it? What if you make a simple html file with an upload form? Outside of SQLPage?

[djyotta]

Well it could be, but my old UI works fine: https://shandan.one/upload

It's an HTML form. It uses python + bottle.

[djyotta]

I'm about to test Chromium. I'm probably not going to test google-chrome... I try to avoid google softwares.

[lovasoa]

Do you see anything in the web console ? How could I reproduce this ?

[djyotta]

Nothing in web console. But on the network tab of developer tools, the POST data (or lack of) is shown.

If you can get latest brave browser: https://brave.com/ - should be easy to reproduce (unless it's an OS + browser combo)

In the mean time, I will make sure mine is up-to-date (I think I updated it yesterday - not sure).

[djyotta]

Can confirm I'm seeing this behaviour on Chromium too. So either all Chromium products are doing something weird or there is something missing in the form that Chromium doesn't do the right thing but Firefox does... I guess also the server could not be handling the upload correctly and causing the browser not to send any data...

I'll compare the form from my old UI with the SQLPage one and see if I can spot any fundamental differences. My old UI nearly always responds with redirects... which complicates things.

[lovasoa]

I'm not sure how the server could be causing the browser to make a different request... Do you see any particular error in SQLPage's logs ? Maybe when you run it with RUST_LOG=debug ?

Is your file above or below the max_uploaded_file_size configured in SQLPage? (5 MiB by default)

https://github.com/lovasoa/SQLpage/blob/main/configuration.md

[djyotta]

It's 9.7KB file - recall it can be uploaded to SQLPage through firefox, so I guess this proves SQLPage can do it, but somehow the exact same page and file on Chromium based browser (I've tested Chromium and Brave) doesn't upload.

It does seem to be the browser is deciding not to send data. Hence I wonder if there is some attribute missing in the

tag or the "submit" input that is causing the browser to not send anything...

I'll test again with RUST_LOG=debug

I'll test also with Google Chrome too - as I figure it's important that it should work with the most popular browser in the world...

[djyotta]

Ok so now I feel dumb - I've managed to prove uploads do in fact work with chromium browser despite the lack of POST data shown in the developer tools:

SET data_uri = sqlpage.read_file_as_data_url(sqlpage.uploaded_file_path('content'));
SET mime_type = CASE
  WHEN COALESCE($data_uri, '') = ''
  THEN NULL
  ELSE sqlpage.uploaded_file_mime_type('content')
END;

SELECT 'debug' AS component;
SELECT $content AS content;
SELECT $mime_type AS mime_type;
SELECT $data_uri AS data_uri;

SELECT 'form' AS component
, 'Upload' AS validate
;

SELECT 'Upload' AS value
, '' AS label
, 'hidden' AS type
, 'action' AS name
;
SELECT 'content' AS name
, 'file' AS type
, '' AS label
;

It seems it's the developer tools in chromium which is faulty.

My only defence is that initially, the data_uri returned by sqlpage.read_file_as_data_url(sqlpage.uploaded_file_path('content')) really was returning null as per the debug statements... but at the time the call to read_file_as_data_url was being made in a sql file included with sqlpage.run_sql. Which I've identified as not working (should it?).

So I jumped to conclusions when I saw the POST data missing in chromium developer tools but not in firefox developer tools.

So I'll close this one now.

[lovasoa]

Oh, yes, this is a limitation of run_sql. I should fix it, and, in the meantime, add a warning when it is used with uploaded files.

[djyotta]

I raised https://github.com/lovasoa/SQLpage/issues/334 to track it. Thankfully, the documentation lead me to guess why it wasn't working:

https://sql.ophir.dev/functions.sql?function=persist_uploaded_file#function

Name of the form field containing the uploaded file. The current page must be referenced in the action property of a form component that contains a file input field.

So it made me think it was important not to have any sort of indirection... but this statement isn't mentioned anywhere else. It should probably appear in the documentation for the form component, as it appears to be referring to file input type in general and not specifically to persist_uploaded_file.

[vks2]

getting that error on windows, with that code while upload (note, all path are valid)

set file_path = sqlpage.uploaded_file_path('Image');
set file_name = '.\avatar\\'||sqlpage.random_string(10)||'.jpg';
set mv_result = sqlpage.exec('move', $file_path, $file_name);

Error We are sorry, but an error occurred while generating this page. You should contact the site's administrator.

Failed to set the $mv_result variable to StmtWithParams { query: "SELECT CAST(? AS TEXT)", params: [FunctionCall(SqlPageFunctionCall { function: exec, arguments: [Literal("mv"), PostOrGet("file_path"), PostOrGet("file_name")] })] }

Backtrace

Error in function call sqlpage.exec('mv', $file_path, $file_name).
Expected sqlpage.exec(program_name, args)

Unable to execute command: move C:\Users\User\AppData\Local\Temp\.tmpIgzxkJ ./avatar/KM1mkM9Kmz.jpg

program not found

Built with SQLPage

[lovasoa]

Hi ! Since v0.20, we have sqlpage.persist_uploaded_file(name). So you no longer need to activate exec to be able to save uploaded files. Did you try it ? You should probably migrate to it instead of sqlpage.exec('move', ...)

[vks2]

ok, will give it a try, thnx much