diff options
author | Julien Veyssier <eneiluj@posteo.net> | 2022-09-06 14:47:35 +0300 |
---|---|---|
committer | Julien Veyssier <eneiluj@posteo.net> | 2022-09-06 15:44:54 +0300 |
commit | 9764e64f732e53e6c3200405c02f3ccd2ccfa88a (patch) | |
tree | 200fade850ed30a8c07e5f0854a6c084a0976956 | |
parent | 5dae5284c4dfcf80c5c8a71c932b0461092e3406 (diff) |
pass upload auth params as GET-like ones to avoid authentication error when exceeding post_max_size, log upload auth error
Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
-rw-r--r-- | lib/Controller/AttachmentController.php | 7 | ||||
-rw-r--r-- | src/services/SyncService.js | 8 |
2 files changed, 10 insertions, 5 deletions
diff --git a/lib/Controller/AttachmentController.php b/lib/Controller/AttachmentController.php index cbe983cfa..df028e93e 100644 --- a/lib/Controller/AttachmentController.php +++ b/lib/Controller/AttachmentController.php @@ -116,7 +116,12 @@ class AttachmentController extends Controller { */ public function uploadAttachment(int $documentId, int $sessionId, string $sessionToken, ?string $shareToken = null): DataResponse { if (!$this->sessionService->isValidSession($documentId, $sessionId, $sessionToken)) { - return new DataResponse([], Http::STATUS_FORBIDDEN); + $this->logger->debug('Invalid session found when uploading', [ + 'documentId' => $documentId, + 'sessionId' => $sessionId, + 'sessionToken' => $sessionToken + ]); + return new DataResponse(['error' => 'Upload error, unauthorized action'], Http::STATUS_FORBIDDEN); } try { diff --git a/src/services/SyncService.js b/src/services/SyncService.js index c8dc3d8d3..57b669f8a 100644 --- a/src/services/SyncService.js +++ b/src/services/SyncService.js @@ -272,11 +272,11 @@ class SyncService { uploadAttachment(file) { const formData = new FormData() formData.append('file', file) - formData.append('documentId', this.document.id) - formData.append('sessionId', this.session.id) - formData.append('sessionToken', this.session.token) - formData.append('shareToken', this.options.shareToken || '') const url = endpointUrl('attachment/upload') + + '?documentId=' + encodeURIComponent(this.document.id) + + '&sessionId=' + encodeURIComponent(this.session.id) + + '&sessionToken=' + encodeURIComponent(this.session.token) + + '&shareToken=' + encodeURIComponent(this.options.shareToken || '') return axios.post(url, formData, { headers: { 'Content-Type': 'multipart/form-data', |