Fix: HTTP::FormData parsing of multipart subparts #5683
Conversation
For example post data see https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.2 In a multi-file upload the files are uploaded as a subpart with `Content-Disposition: file; filename="file1.txt"` this patch allows parsing of subparts using the standard library. References: https://tools.ietf.org/html/rfc2388 ``` either of the "content-disposition: form-data" header or, in the case of multiple files, in a "content-disposition: file" header of the subpart. ```
src/http/formdata.cr
Outdated
| @@ -133,7 +133,7 @@ module HTTP::FormData | |||
|
|
|||
| parts = content_disposition.split(';') | |||
| type = parts[0] | |||
| raise Error.new("Invalid Content-Disposition: not form-data") unless type == "form-data" | |||
| raise Error.new("Invalid Content-Disposition: not form-data or file") unless ["form-data", "file"].includes?(type) | |||
There was a problem hiding this comment.
I think you incorrectly removed 2 spaces at the beginning.
Also, you should use a Tuple instead of an array to avoid having to allocate the array, so something like: {"form-data", "file"}.includes? type.
|
I don't have enough knowledge on how HTTP is implemented and how this might be used to validate the relevance & implementation of your PR, but language-wise it looks better yes 😃 |
|
Actually, an added spec or two would be nice! |
|
The error message actually already states that it should work with bot The change is correct, but it should be supplemented by a spec. |
|
This is incorrect as per the RFC. Look at the example: This is a We should discuss how we want to handle this, but this is absolutely the incorrect fix and will not parse the above data. |
|
To make it clear what I mean, let me indent: |
|
@RX14 Good catch. From the initial description of the method and the error message it seemed obvious to be the intended behaviour. But when you look at the context of how it's used, it is clear that it won't work this way. There needs to be extra effort to support multiple file payloads. |
|
I think most actual browsers don't do this, they just send multiple fields with the same name, instead of nesting |
|
@RX14 to your point, I am extracting the indented data and then wanting to parse it. Please see: https://github.com/spider-gazelle/action-controller/blob/master/src/action-controller/body_parser.cr#L61 So this minor modification solves the issue. Otherwise I have to have an independent copy of this parsing code for something covered by the specification. |
|
i.e. even if in the future if effort is taken to support multiple file payloads you can use this parsing code to extract those files. Supporting the two types of |
|
This class is for parsing We should have some way to parse a |
|
The |
|
Thanks for the tip @RX14 - I'll re-factor using |
|
@stakach You'll still have to parse the |
For example post data see https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.2
In a multi-file upload the files are uploaded as a subpart with
Content-Disposition: file; filename="file1.txt"this patch allows parsing of subparts using the standard library.References: https://tools.ietf.org/html/rfc2388