Easy file upload to Bubble using API fileupload

Wow, okay, this is interesting. So if I am understanding correctly, we basically need to create one request that returns a URL and other information in the header, and then a second request that actually sends the file to the aforementioned URL.

@Jici you mention this might be a security issue, as the endpoint seems exposed in the sense that anyone can upload data to anyone's Bubble DB if they are clever enough? Or am I misunderstanding? Can they read data from the file system with that URL and credentials?

The /fileupload is already open and this has been a known security issue for a long time, @aresh. The only thing you can do is upload a file. There’s no DB security related to that and I’m not scared about DB security. This is not a huge security issue, but this means that anyone can upload a file to your app storage. They will show in the file manager, but that’s all. Also, files cannot be “executed” on the server. So it’s only for storage. But someone could upload illegal content to your app and you could run into trouble because of that. Also, they could load your app storage so your users cannot upload files anymore because you reach the maximum allowed storage according to your plan.

What I found is that there’s another way to upload larger files using a different two-step request.

Has anyone figured out how to secure this URL?
I realised anyone can use my Bubble Storage to host their files. :smiley:

You can protect it by using this setting in General settings.
