Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Limit attachment upload size #17 #19

Merged
merged 8 commits into from
Oct 7, 2024
Merged

Limit attachment upload size #17 #19

merged 8 commits into from
Oct 7, 2024

Conversation

joelvdavies
Copy link
Collaborator

@joelvdavies joelvdavies commented Sep 30, 2024
edited
Loading

Description

Limits the attachment upload size by changing to using a POST request for uploads allowing specific conditions to be specified (see #17 comments for what happened when spoofing the content length in the header). The data returned is now not just an upload_url but instead upload_info with both a url and fields that should be POSTed along with the file data.

I have tried modifying the key in these fields and verified that it denies the request as it breaks the policy.

If testing with something like postman/insomnia you need to use a form-data body with all the fields returned by the /attachments POST endpoint, and an additional one file with the actual file data. Internally the content boundary is also set by postman or in the e2e tests through using the files parameter in the requests module. I am not quite sure what that would translate to on the front end but I assume either the browser or uppy will do it.

Testing instructions

Add a set up instructions describing how the reviewer should test the code

  • Review code
  • Check Actions build
  • Review changes to test coverage

Agile board tracking

Closes #17

@joelvdavies joelvdavies changed the base branch from develop to add-attachment-post-#11 September 30, 2024 08:02
@joelvdavies joelvdavies self-assigned this Sep 30, 2024
@joelvdavies joelvdavies added the enhancement New feature or request label Sep 30, 2024
@joelvdavies joelvdavies force-pushed the limit-attachment-upload-size-#17 branch from 59dfed3 to d8cb690 Compare September 30, 2024 09:45
@joelvdavies joelvdavies requested a review from VKTB September 30, 2024 12:41
@joelvdavies joelvdavies marked this pull request as ready for review September 30, 2024 12:41
@joelvdavies joelvdavies mentioned this pull request Sep 30, 2024
Merged
3 tasks
@joelvdavies joelvdavies force-pushed the add-attachment-post-#11 branch from 2064e4d to 88ce418 Compare September 30, 2024 15:31
Base automatically changed from add-attachment-post-#11 to develop October 2, 2024 08:26
@joelvdavies joelvdavies merged commit 6db9394 into develop Oct 7, 2024
3 checks passed
@joelvdavies joelvdavies deleted the limit-attachment-upload-size-#17 branch October 7, 2024 14:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@VKTB VKTB VKTB approved these changes

Assignees

@joelvdavies joelvdavies

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Limit file size on attachment uploads
2 participants
@joelvdavies @VKTB