[Seaside] [Pharo-users] Bad Request ZnEntityTooLarge

Bernhard Pieber bernhard at pieber.com
Thu Jan 26 19:33:22 UTC 2017


> Am 21.01.2017 um 15:12 schrieb Ben Coman <btc at openInWorld.com>:
> On Sat, Jan 21, 2017 at 1:22 AM, Bernhard Pieber <bernhard at pieber.com> wrote:
> Hi Johan,
> 
> Thank you for your detailed answer. See below.
> > Am 20.01.2017 um 10:12 schrieb Johan Brichau <johan at inceptive.be>:
> >
> > imho, it’s better practice to detect too large file upload in your app on the client side, i.e. before your user has been uploading xxx MB. For that, you can check out various client-side programs like jQuery-FileUpload (https://blueimp.github.io/jQuery-File-Upload/)
> Thanks for the pointer. I will look into adding somthing like this on the client side. Someone mentioned using Dropzone.js from Seaside. I had searched stackoverflow for limiting upload file size and found some helpful tips:
> http://stackoverflow.com/questions/11514166/check-file-size-before-upload
> 
> However, I also found warnings like these:
> „Keep in mind that even if it's now possible to validate on the client, you should still validate it on the server, though. All client side validations can be bypassed.“
> „Of course, this … can be tampered with so always use server side validation.“
> 
> This is why I wanted to find a user-friendly way to prevent this from my server code. Are you saying, this is not necessary in your opinion?
> 
> 
> In general I'd say... If someone is smart-enough and wicked enough to bypass your client side checks, you don't need to be user-friendly to them.  The server checks are more to protect your server from them. 
You are right. I am convinced. I will add client side checks. Thanks for your answer, Ben.

Cheers,
Bernhard


More information about the seaside mailing list