
Why is it safe to send Array of File Objects via Ajax but not via a regular Http Request?

I use an HTML form to allow the user to upload files.

In order to make adding attachments more user friendly, I added client side code to allow the user to add/remove files (I basically did this as outlined in this answer).

Because I don't want to adjust too much of my server side code, I'd still like to send the form in a regular request, handle it on my server, and return an Http Response (ie: no Ajax, send request from same thread as main page and then redirect or forward the response on my Servlet).

However, the only way to submit the FormData Object is via Ajax. When I look for ways to send the FormData Object via a regular Http Request (eg: by attaching it to the form), I hear that this is not allowed because it is not safe.

Why can the FormData be submitted via XMLHttpRequest but submitting via regular Http Request (like a regular form submit) is considered not safe to the user? What's the difference? To phrase this another way: You can mess with attachments if you're submitting them via Ajax but not via a regular request. Why?

If there is a way to submit the FormData in a regular request, I would be interested to hear what it is.

Thanks.

Extra clarification (motivated by comments):

The input element on the form does not accurately represent the user's selections. I allow the user to add/remove files. I do this by creating my own Array of File Objects in the client side code. This new array of File Objects needs to be sent with the request. This is possible with Ajax (ie: by creating a FormData Object), not with regular form submit; why?

> The only way to submit the FormData Object is via Ajax

This is not true.

A FormData object is simply a way of encoding binary data before transfer (see MDN for a full outline of its purpose). It is only really required when sending files (ie. binary data) to the server.

If you want to do that without AJAX, add the enctype="multipart/form-data" attribute to your form element and submit it as usual.

Also note that the use of FormData has nothing to do with security, as your question title implies.
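To illustrate the answer's point that FormData is only an encoding, here is an added example (not part of the original question or answer) that runs under Node.js 18+: it serializes a FormData built from a client-side file list and lists the parts a server would receive, in the same multipart/form-data format a form with that enctype sends. The field names, file names and contents are constructed sample values, and the function names are hypothetical.

```javascript
// Constructed sample: a client-side array of file entries (stand-ins for File objects).
const picked = [
  { name: "notes.txt", type: "text/plain", data: "hello" },
  { name: "draft.txt", type: "text/plain", data: "remove me" },
  { name: "logo.png", type: "image/png", data: new Uint8Array([0x89, 0x50, 0x4e, 0x47]) },
];

// Build the FormData the way an add/remove UI would, after the user drops one file.
function buildFormData(files, removedName) {
  const fd = new FormData();
  fd.append("subject", "Quarterly report");
  for (const f of files) {
    if (f.name === removedName) continue;
    fd.append("attachments", new Blob([f.data], { type: f.type }), f.name);
  }
  return fd;
}

// Serialize the FormData as a request body and list the parts a server receives.
async function describeRequest(fd) {
  const res = new Response(fd); // Fetch API serialization: multipart/form-data
  const contentType = res.headers.get("content-type");
  const boundary = contentType.split("boundary=")[1];
  // latin1 keeps one character per byte, so string lengths equal byte counts.
  const body = Buffer.from(await res.arrayBuffer()).toString("latin1");
  const parts = body.split("--" + boundary).slice(1, -1).map((raw) => {
    const [head, ...rest] = raw.replace(/^\r\n/, "").split("\r\n\r\n");
    const content = rest.join("\r\n\r\n").replace(/\r\n$/, "");
    return {
      name: /; name="([^"]*)"/.exec(head)[1],
      filename: (/; filename="([^"]*)"/.exec(head) || [])[1] || null,
      type: (/Content-Type: (.*)/i.exec(head) || [])[1] || null,
      size: content.length,
    };
  });
  return { contentType, parts };
}

describeRequest(buildFormData(picked, "draft.txt")).then((r) => {
  console.log(r.contentType);
  console.table(r.parts);
});
```

The file name and Content-Type in each part are whatever the client declared, whichever way the body was sent, so the server has to validate uploads itself.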

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
