Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Does filepicker support restricting file types and validating file types? For example can I use Filepicker to bypass my own need to validate if a file is an image of a specific type (eg: png) or not?


I believe you can filter by mimetypes.


Correct. We currently do mimetype verification.

People have been asking for extensions as well, so that's on the roadmap as well.


File type and size limits are specified in the JavaScript API, no? Is there any way to enforce it server-side, so people can't abuse it?


We enforce both the filetype and size limits on the server side.

We have some hostname verification and we also also adding in secret keys to sign requests so we can be even more sure.

We also have some checks that look for abnormal upload patterns that have found a couple oddities and will get better with time.


But where can I specify filetype and size limits in my control panel? There's nothing stopping abusers from changing those parameters on the client.


That's a good idea. We had been working under the assumption that you would want to change limits often, but I can see how a per-apikey cap would prevent gross abuse.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: