I use an HTML form to allow the user to upload files.
In order to make adding attachments more user friendly, I added client side code to allow the user to add/remove files (I basically did this as outlined in this answer ).
Because I don't want to adjust too much of my server side code, I'd still like to send the form in a regular request, handle it on my server, and return an Http Response (ie: no Ajax, send request from same thread as main page and then redirect or forward the response on my Servlet
).
However, the only way to submit the FormData Object is via Ajax. When I look for ways to send the FormData
Object via a regular Http Request (eg: by attaching it to the form), I hear that this is not allowed because it is not safe.
Why can the FormData
be submitted via XMLHttpRequest
but submitting via regular Http Request (like a regular form submit) is considered not safe to the user? What's the difference? To phrase this another way: You can mess with attachments if you're submitting them via Ajax
but not via a regular request. Why?
If there is a way to submit the FormData
in a regular request, I would be interested to hear what it is.
Thanks.
Extra clarification (motivated by comments):
The input element on the form does not accurately represent the user's selections. I allow the user to add/remove files. I do this by creating my own Array
of File
Objects in the client side code. This new array of File
Objects needs to be sent with the request. This is possible with Ajax (ie: by creating a FormData
Object), not with regular form submit; why?
The only way to submit the FormData Object is via Ajax
This is not true.
A FormData
object is simply a way of encoding binary data before transfer (see MDN for a full outline of its purpose). It is only really required when sending files (ie. binary data) to the server.
If you want to do that without AJAX, add the enctype="multipart/form-data"
attribute to your form
element and submit it as usual.
Also note that the use of FormData
has nothing to do with security, as your question title implies.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.