So, I am attempting configure the parser on a json server that accepts multipart uploads, but I am encountering a problem:
Configuration:
plug Plug.Parsers,
parsers: [:urlencoded, :multipart, :json],
pass: ["image/jpeg", "image/webp", "image/png"],
length: 20_000_000,
json_decoder: Phoenix.json_library()
But! The pass parameter does not appear to be doing anything. I can pass anything to this server and it happily accepts it.
UPDATE, I also tried adding the pass parameterization to the multipart parser itself, also to no effect:
parsers: [:urlencoded, {:multipart, pass: ["image/jpeg", "image/webp", "image/png"]}, :json],
There’s I think some misunderstanding. Plug.Parsers parses the http request and :pass is meant to validate the type of the request (based on the content type header). It’s not concerned at all with the data the http requests body eventually represents. There are means to customize the multipart parser, see: Plug.Parsers.MULTIPART — Plug v1.16.1 or you could discard invalid types of files at a later stage.
1 Like
Ok, so the short answer is: the multipart parser does not have a built in way to restrict uploads by mime type; this is an exercise for the application.
Or, put another way: “Plug.Parsers configuration behaving as designed; user’s expectations were misaligned with reality.”
