javascript HTML 文件上传:有没有办法强制 content-type="application/octet-stream"
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3884235/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
HTML file upload: is there a way to force content-type="application/octet-stream"
提问by Bert
We are custom handling file uploads on the server end due to embedded limitations.
由于嵌入式限制,我们正在服务器端自定义处理文件上传。
The HTML file upload code used in a Firefox browser:
Firefox 浏览器中使用的 HTML 文件上传代码:
<html>
<body>
<form action="http:///192.168.1.1/upload.cgi" name="form_1" method="post" enctype="multipart/form-data" >
<input type="file" id="file" name="filename" content-type="application/octet-stream">
<input type="submit" name="mysubmit" value="Send">
</form>
<body>
</html>
If the selected file is called "fish.jpg", the server receives its content-type as "image/jpeg". If the file is renamed to just "fish" without the file extension, the server receives its content-type as "application/octet-stream" which is what we want.
如果所选文件名为“fish.jpg”,则服务器接收其内容类型为“image/jpeg”。如果文件被重命名为没有文件扩展名的“fish”,服务器将其内容类型接收为“application/octet-stream”,这正是我们想要的。
Is there a way to force "application/octet-stream" in an HTML page (with or without regular JavaScript)?
有没有办法在 HTML 页面(使用或不使用常规 JavaScript)中强制“应用程序/八位字节流”?
Thanks in advance, Bert
提前致谢,伯特
回答by bobince
No. There is no content-type="..."attribute. You cannot influence the browser's choice of Content-Typeheader in a multipart/form-datasubpart at all, with or without JavaScript.
不,没有content-type="..."属性。无论是否使用 JavaScript,您都无法影响浏览器Content-Type在multipart/form-data子部分中对标题的选择。
Why does it matter? It's a bad idea for a server-side script do anything much with Content-Type, as it's so often inaccurate. Treating image/jpeguploads any differently from application/octet-streamis something that shouldn't be done, not least because a browser may choose to upload a JPEG as application/octet-streamor something else (in particular, IE usually likes to send image/pjpeg).
为什么这有关系?服务器端脚本用 做很多事情是个坏主意Content-Type,因为它经常不准确。对待image/jpeg上传的任何不同application/octet-stream是不应该做的,尤其是因为浏览器可能会选择上传 JPEGapplication/octet-stream或其他东西(特别是,IE 通常喜欢发送image/pjpeg)。
If you control the server side and getting the right file upload type is critical, there should be an interface for the user to select it manually. (You can use JavaScript file extension sniffing and/or Content-Type to set a default value, but don't rely on either.)
如果您控制服务器端并且获得正确的文件上传类型至关重要,则应该有一个界面供用户手动选择。(您可以使用 JavaScript 文件扩展名嗅探和/或 Content-Type 来设置默认值,但不要依赖它们。)
回答by Sarfraz
Is there a way to force "application/octet-stream" in an HTML page (with or without regular JavaScript)?
有没有办法在 HTML 页面(使用或不使用常规 JavaScript)中强制“应用程序/八位字节流”?
You shouldn't set content-type in html like that. Bad guys can easily upload bypass that. The way is to do proper server-side validation.
您不应该像那样在 html 中设置 content-type。坏人可以轻松上传绕过。方法是进行适当的服务器端验证。
