Multipart/form-data has zero files when no Content-Type header is present
eikooc opened this issue · comments
Hi there. I think I've stumbled upon a bug.
It looks like the default multipart/form-data
does not parse correctly that there is an array of files if there is no Content-Type
header specified for the files. It just parses as a string and nests it under fields
instead of files
if that header is not present.
Here is a minimal example:
import { Application } from "https://deno.land/x/oak/mod.ts";
const app = new Application();
app.use(async (ctx) => {
const body = ctx.request.body({
contentTypes: {
formData: ['multipart/form-data'],
},
})
const form = await body.value
const readForm = (await form.read())
console.log('readForm',readForm)
ctx.response.body = readForm;
});
await app.listen({ port: 8000 });
Here are two example requests and return values:
curl -v 'http://localhost:8000' -H 'Content-Type: multipart/form-data; boundary=some-boundary' --data-raw $'--some-boundary\r\nContent-Disposition: form-data; name="files"; filename="foo.json"\r\nContent-Type: application/octet-stream\r\n\r\n\r\n{"foo":"bar"}\r\n\r\n--some-boundary--\r\n' --compressed --insecure
> {"fields":{},"files":[{"contentType":"application/octet-stream","name":"files","filename":"/tmp/38ae2246/59a50109061ae24db6cf1951afb2962c8388fc10.bin","originalName":"foo.json"}]}
curl -v 'http://localhost:8000' -H 'Content-Type: multipart/form-data; boundary=some-boundary' --data-raw $'--some-boundary\r\nContent-Disposition: form-data; name="files"; filename="foo.json"\r\n\r\n\r\n{"foo":"bar"}\r\n\r\n--some-boundary--\r\n' --compressed --insecure
> {"fields":{"files":"\n{\"foo\":\"bar\"}\n"}}
I think it would be possible to infer just based on the filename
being specified that it is intended to be a file
According RFC 7578, the Content-Type
header is not mandatory.
Would you agree with what I've found?