johnspackman/UploadMgr

Demo upload not working and no error given

johnspackman opened this issue · 1 comments

Derrell Lipman @derrell 13:37
@johnspackman I'm looking at and seeking to understand UploadMgr. Testing it against your server, the demo app tells me it has uploaded my file, but I don't see a multipart/form message being sent, nor any data from my file... yet I get back a 200. Can you enlighten me as to what's going on?

John Spackman @johnspackman 14:00
@derrell so if the request is not multipart/formdata what is it that returns the 200 response?

John Spackman @johnspackman 14:02
basically on modern browsers it uses XMLHttpRequest, and either uses the browser’s native support for FormData to send it as multipart, or uses a FormData shim to achieve the same thing

Derrell Lipman @derrell 14:02
@johnspackman request:
OPTIONS /demoupload HTTP/1.1
Host: www.zenesis.com
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://localhost:8000
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36
Access-Control-Request-Headers: content-type, x-file-name, x-requested-with
Accept: */*
Referer: http://localhost:8000/Mutualink/wsg.git/frontend/UploadMgr.git/demo/default/source/index.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
response:
HTTP/1.1 200 OK
Date: Thu, 19 May 2016 12:23:47 GMT
Server: Apache
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Derrell Lipman @derrell 14:03
@johnspackman That's all that happens, so I'm confused.

John Spackman @johnspackman 14:03
@derrell so an OPTIONS request is the first connection that asks the server what kind of cross site access is allowed; it’s implemented by the browser transparently, and unless the server responds that the request from your server is allowed, the browser will return access denied
what's the response for OPTIONS?

Derrell Lipman @derrell 14:04
@johnspackman those two messages are all that are sent in either direction.

John Spackman @johnspackman 14:05
@derrell ah, it looks like the little demo xss server may not be on my site any more

Derrell Lipman @derrell 14:05
@johnspackman What's giving me the 200?
@johnspackman And more importantly, why is the demo telling me "(Completed)" ?

John Spackman @johnspackman 14:06
don’t know, but AFAICR you should get back more than that - like response headers starting Allow-Access-*

John Spackman @johnspackman 14:06
can you set up an upload url on your localhost:8000?
the only thing my server ever did was to allow anyone to upload from any URL, and then delete the file as soon as it arrived

Derrell Lipman @derrell 14:07
I can. I was hoping to work with an existing server first, since I need to create the upload server here and I've never used multer which I think I want to use.
But if yours no longer exists, I'll need to set it up anyway. I'm concerned, though, that it says it worked. Does this indicate a possible UploadMgr bug?
Or maybe it's just a demo bug?

John Spackman @johnspackman 14:08
@derrell possibly. I started migrating it last weekend and I’ll do some more on it next weekend or when I get a mo, but I'll add it as an issue so that it gets tracked down

Derrell Lipman @derrell 14:09
I may be a step ahead of you along that path, since I'd like to get this working today.

@derrell this is fixed now - note that the current commit uses a different upload URL, but the implementation is the multer server demo
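
The following is an added example, not code from UploadMgr or from either participant: a simplified version of the preflight check a browser applies (following the Fetch standard's rules for a request without credentials), run against the OPTIONS exchange captured in the thread. The names `preflightFailures`, `captured` and `permissive` are hypothetical, and the `permissive` response is constructed for comparison.

```javascript
// Methods the Fetch standard permits without being listed by the server.
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

// Split a comma-separated header value into lower-cased tokens.
function tokens(value) {
  return (value || "").split(",").map(t => t.trim().toLowerCase()).filter(Boolean);
}

// Return the reasons a browser would reject this preflight (empty = allowed).
// Simplifications: no credentials (so "*" is honoured), case-insensitive methods.
function preflightFailures(req, res) {
  const h = {};
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = v;
  const failures = [];
  if (res.status < 200 || res.status > 299) failures.push("status is not 2xx");

  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin !== "*" && allowOrigin !== req.origin)
    failures.push("Access-Control-Allow-Origin missing or not matching " + req.origin);

  const methods = tokens(h["access-control-allow-methods"]);
  const method = req.method.toUpperCase();
  if (!SAFELISTED_METHODS.has(method) && !methods.includes("*") &&
      !methods.includes(method.toLowerCase()))
    failures.push("method " + method + " not allowed");

  const allowed = tokens(h["access-control-allow-headers"]);
  for (const name of tokens(req.requestHeaders))
    if (!allowed.includes("*") && !allowed.includes(name))
      failures.push("request header " + name + " not allowed");
  return failures;
}

// The exchange from the thread: 200 OK carrying only an Allow header.
const captured = {
  req: { origin: "http://localhost:8000", method: "POST",
         requestHeaders: "content-type, x-file-name, x-requested-with" },
  res: { status: 200, headers: { "Allow": "GET,HEAD,POST,OPTIONS,TRACE" } },
};

// Constructed response that would satisfy the same preflight.
const permissive = { status: 200, headers: {
  "Access-Control-Allow-Origin": "http://localhost:8000",
  "Access-Control-Allow-Methods": "POST",
  "Access-Control-Allow-Headers": "Content-Type, X-File-Name, X-Requested-With",
} };

console.log(preflightFailures(captured.req, captured.res));
console.log(preflightFailures(captured.req, permissive));
```

A 200 status on the OPTIONS response is not sufficient on its own: without the `Access-Control-Allow-*` headers the browser never sends the POST, so an upload client should report success only after the POST itself has completed.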