I need to upload a file (method POST and Content-Type: image/jpeg) with some additionnal information (folderId and userId).
For some reason, on the client side, multipart/form-data is not an option
I thought of passing the folderId and userId in the HTTP headers and the image (jpeg) in the payload.
Does this solution sound OK or is there any other/cleaner way to do ?
Does it look correct and secure in a REST context ?
Note:
Client side would be iOS
No client js in the mean time. If there is a JS client, folderId and userId wont be given by the user through a form.
Related
I have a .pdf object stored in Google Cloud Storage with Content-Type = application/octet-stream.
When giving temporary access through a signed URL, I extend the URL with:
&response-content-type=application%2Fpdf
Nevertheless, the response coming back from Google Cloud Storage still contains Content-Type = application/octet-stream
Inspecting the request + response through the browser confirms this behaviour.
According to the documentation (https://cloud.google.com/storage/docs/xml-api/reference-headers#responsecontenttype) the response-content-type should ensure Content-Type = application/pdf in my example.
For another usecase, I am succesfully making use of the Content-Disposition override via response-content-disposition, so I am very curious why the response-content-type is not working for me.
Anyone any idea what I am missing to make this work?
Thanks!
As per documentation signed URLs are not authenticated GET requests that support content-type override.
Query String Parameters like response-content-disposition and response-content-type are not verified by the signature. To force a Content-Disposition or Content-Type in the response, set those parameters in the object metadata using gsutil or the XML/JSON API.
I am designing a RESTful API when I noticed something strange.
When I make a POST request for creating a new record, the form data is sent in request payload.
But when I make a PUT request to update a record, it appends form data in the URL, very similar to GET request.
Now a URL has certain length limit. So what would happen if PUT request has larger data than this limit.
Will the PUT request fail?
Is it unsafe to use PUT instead of POST to update a record having large form data?
EDIT:
I am using NodeJS server. I am using restangular(angular framework) to build my PUT request.
Use customPUT to send the form data in payload.
baseObj.customPUT(newObj).then(function(xyz){})
Have a look at these threads
Can HTTP PUT request have application/x-www-form-urlencoded as the Content-Type?
PHP multipart form data PUT request?
application/x-www-form-urlencoded or multipart/form-data?
Sounds like you can basically set a Content-type: multipart/form-data header and be golden. Basically comes down to configuration of the request with restangular and support thereof on the NodeJS server.
I got this problem, I have built a rest api and I don't know how to deal with this:
When the javascript client (Marionette.js) is in charge of making the views, I don't have problems, because as it is known, it just requests an url (e.g. example.com/user/37), the server retrieves a json with {id:'37', name:'Peter', age:'24'} (there is one controller class named User) and Marionette shows that data in the view. But if the user enter to example.com/user/37 by the browser it will show just {id:'37', name:'Peter', age:'24'} without any view. What can I do if I want to see the same view in both cases?
If you're trying to serve up HTML or JSON from the same endpoint then your server should be making that decision based on the request's Accept header. If the request's Accept header is application/json then your server should return just the JSON ortherwise return the HTML.
You can see that SoundCloud uses the same technique for returning XML or JSON from their API:
Resources are returned as XML by default, or JSON if a .json extension is appended to the resource URI. We encourage you to use JSON. You can also send an appropriate Accept header specifying the format you would like. For example, a request with the header Accept: application/json will return resources represented as a JSON document.
What you are trying to do is pratically impossible.
why ?
When your first enter the url example.com it's the server that responds with all the artifacts that compose your application (html, js, css ...) and the browser display it.
Now, when you enter ther url example.com/user/37 the server only sends the JSON data without any html, js or css, so the browser display the raw data he received.
What you are trying to do is to force the server to give two responses (JSON or html/js/css) depending on the user request.
You can do it, but it would be so complicated that's not worth the efforts.
I'm working on a REST API using the FOSRestBundle and I'd like to be able to use the same URL for returning HTML and JSON depending on the request Accept header; i.e. if you call the URL directly from a browser (Accept : text/html etc) HTML is returned from a twig file, if you are making an AJAX request (Accept : application/JSON etc), JSON is returned using the FOSRestBundle.
Currently I can get this to work by throwing a small if statement at the top of each function to check the request accept header, if it's asking for HTML it returns the twig file, if it's asking for JSON it hits the service.
You should rather send "Accept" header with your requests. Read content negotiation (“Accept” HTTP header) based routing in symfony2.0 and Format listener.
The request scope does not exist when run in command line mode, I had to remove request from each constructor and the problem disappeared.
I am posting (HTTP POST) various values to the posterous api. I am successfully able to upload the title, body, and ONE media file, but when I try to add in a second media file I get a server 500.
They do allow media and media[] as parameters.
How do I upload multiple files with the iPhone SDK?
The 500 your getting is probably based on one of two things:
An incorrect request
An error on the server
Now, if its an incorrect, the HTTP server would be more helpful responding back with like a 415 (unsupported media type) or something. A 500 insists that something went wrong on the server and that your request was valid.
You'll have to dig into the server API or code (if you wrote it), or read the docs and figure out what's wrong with your second request ... seems like maybe your not setting the appropriate media type?
EDIT: Ok, so I looked at the API. It appears your posting XML, so your request content-type should be
Content-Type: application/xml
The API doc didn't specifically say, but that would be the correct type.
EDIT: Actually on second glance, are you just POSTing w/URI params? Their API doc isn't clear (I'm also looking rather quickly)