How can I reject a file upload before the data transfer has completed?

Posted 2024-10-19 17:28:36, 228 words, 5 views, 0 comments

I'm building a Rails application with file upload functionality, and only authenticated users are allowed to upload files. The file upload form is in the members-only area, but since it is easy enough to grab the upload URL and attempt to post data from a script, I am concerned about unauthenticated file upload submissions. Sure, the upload would get rejected, but only after the data transfer has completed and valuable bandwidth got wasted. How can I reject unauthenticated file uploads before the entire form has been submitted to my server? Since I can't control users using scripts or cURL, this would require some sort of server-side solution. I appreciate any feedback. Thanks.

Comments (1)

×纯※雪 2024-10-26 17:28:36

This is simple pseudo-code for what you could do. The before_filter is executed before the action is executed (upload_form_action being the upload form page, and upload_action being the page that receives the file).

allowed_to_upload should be a helper/function/etc. that returns true/false; if it's false, it will render 403 unauthorized, otherwise it will just skip on.

before_filter :check_upload, :only => [:upload_form_action, :upload_action]

protected
  # Runs before either upload action. allowed_to_upload is the app's own
  # true/false helper (for example, a signed-in check). Rendering inside a
  # before_filter halts the chain, so the action itself never runs.
  def check_upload
    render :nothing => true, :status => 403 unless allowed_to_upload
  end
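A caveat a practitioner would want on the answer above: a controller before_filter only fires once the application server has already received the request, so it saves the work of processing the upload but not the bandwidth the question is about. The earliest point inside the Ruby process where the decision can be made on headers alone, without ever reading the request body, is a Rack middleware in front of Rails; and even then a buffering reverse proxy may have accepted the body already, so a true bandwidth saving needs the check at the proxy or clients that honour `Expect: 100-continue`. The following is an added example, not code from the original post: a middleware that gates POST /uploads on a signed, expiring cookie and answers 403 without touching `rack.input`. The cookie name `upload_token`, its `user_id:expiry:hmac` layout, the secret, the path and the `SentinelBody` that records whether anything read the body are all constructed for this example. It uses only the standard library so it runs without the rack gem.

```ruby
require 'openssl'
require 'stringio'

# Added example (hypothetical names): header-only gate for the upload endpoint.
# Authenticated clients carry cookie upload_token = "user_id:expiry:hmac",
# where hmac = HMAC-SHA256(UPLOAD_SECRET, "user_id:expiry").
class UploadGate
  UPLOAD_SECRET  = 'change-me-to-a-real-secret'.freeze  # constructed for the example
  PROTECTED_PATH = '/uploads'.freeze

  def initialize(app, now: -> { Time.now.to_i })
    @app = app
    @now = now   # injectable clock so expiry can be tested deterministically
  end

  def call(env)
    return @app.call(env) unless guarded?(env)
    return @app.call(env) if authorized?(env)
    # Decided on headers alone: env['rack.input'] was never read. Closing the
    # connection stops the client streaming the rest of the body to us.
    [403, { 'Content-Type' => 'text/plain', 'Connection' => 'close' }, ['Forbidden']]
  end

  # Only body-carrying requests to the upload endpoint are gated.
  def guarded?(env)
    env['REQUEST_METHOD'] == 'POST' && env['PATH_INFO'] == PROTECTED_PATH
  end

  def authorized?(env)
    token = cookie(env, 'upload_token')
    return false unless token
    user_id, expiry, mac = token.split(':', 3)
    return false if [user_id, expiry, mac].any?(&:nil?)
    return false if expiry.to_i < @now.call           # expired token
    UploadGate.secure_equal?(mac, UploadGate.sign(user_id, expiry))
  end

  def self.sign(user_id, expiry)
    OpenSSL::HMAC.hexdigest('SHA256', UPLOAD_SECRET, "#{user_id}:#{expiry}")
  end

  # What the members-only area would set after login.
  def self.token_for(user_id, expiry)
    "#{user_id}:#{expiry}:#{sign(user_id, expiry.to_s)}"
  end

  # Constant-time comparison so a forged MAC cannot be guessed byte by byte.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  def cookie(env, name)
    (env['HTTP_COOKIE'] || '').split(/;\s*/).each do |pair|
      k, v = pair.split('=', 2)
      return v if k == name
    end
    nil
  end
end

# Stand-in for the multipart upload body: counts how often it is read.
class SentinelBody
  attr_reader :reads
  def initialize(data) ; @io = StringIO.new(data); @reads = 0; end
  def read(*args)      ; @reads += 1; @io.read(*args); end
  def gets             ; @reads += 1; @io.gets; end
  def each(&blk)       ; @reads += 1; @io.each(&blk); end
  def rewind           ; @io.rewind; end
end

# Downstream "Rails app": consumes the whole body, as a real upload action would.
UPLOAD_APP = lambda do |env|
  data = env['rack.input'].read
  [200, { 'Content-Type' => 'text/plain' }, ["stored #{data.bytesize} bytes"]]
end

def build_env(path:, method:, body:, cookie: nil)
  env = { 'REQUEST_METHOD' => method, 'PATH_INFO' => path, 'rack.input' => body }
  env['HTTP_COOKIE'] = cookie if cookie
  env
end

# Runs one POST /uploads through the gate; returns [status, body_read_count].
def simulate(cookie:, now: Time.now.to_i)
  body = SentinelBody.new('x' * 10_000)          # constructed 10 kB "upload"
  gate = UploadGate.new(UPLOAD_APP, now: -> { now })
  status, _headers, _resp = gate.call(build_env(path: '/uploads', method: 'POST',
                                                body: body, cookie: cookie))
  [status, body.reads]
end

if __FILE__ == $0
  p simulate(cookie: nil)                                                    # [403, 0]
  p simulate(cookie: "upload_token=#{UploadGate.token_for(42, Time.now.to_i + 600)}")  # [200, 1]
end
```

The rejected request returns 403 with the body read count still at zero, while the authenticated one reaches the app, which reads the body once. To also save the transfer on the wire, put the same header check in the reverse proxy in front of the app server, since that is where the body is first accepted.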