Larger than maxUploadSize error reporting

[ignl]

Hi, I have a collection with set maxUploadSize option. I wonder if that should be enough and insert callback should return an error or I do need to do some manual check and error reporting for the user on client? Because right now file with length = 0 is inserted into database with no error if I upload larger than allowed file.

[ignl]

I currently just added a check on client with error reporting if file is too big and same with validating contentType except same check additionally on allow rules for contentType.

[vsivsi]

Hi, you should certainly do file size checking in the client code, and refrain from inserting the zero-length file if the proposed upload is too large.

The server-side check exists to prevent abuse (i.e. you can never really trust client-side code in the hands of an adversary.) But under normal circumstances, a client-side check should be catching an oversized request before anything ever touches the server.