上传文件的大小 [英] Size of uploaded file

问题描述

将文件上传到服务器时，Web 浏览器是否会在 http 标头中发送文件大小?如果是这样的话，是否可以只通过读取文件头来拒绝文件，而不是等待整个上传过程完成?

Do web browsers send the file size in the http header when uploading a file to the server? And if that is the case, then, is it possible to refuse the file just by reading the header and not wait for the whole upload process to finish?

推荐答案

http://www.faqs.org/rfcs/rfc1867.html

HTTP 客户端是鼓励为整个文件输入提供内容长度，以便繁忙的服务器可以检测建议的文件数据是否太大而无法存储合理处理

但内容长度不是必需的，因此您不能依赖它.此外，攻击者可以伪造错误的内容长度.

But the content-length is not required, so you cannot rely on it. Also, an attacker can forge a wrong content-length.

读取文件内容是唯一可靠的方法.话虽如此，如果内容长度存在并且太大，关闭连接将是合理的做法.

To read the file content is the only reliable way. Having said that, if the content-lenght is present and is too big, to close the connection would be a reasonable thing to do.

此外，内容是作为多部分发送的，因此大多数现代框架首先对其进行解码.这意味着在框架完成之前您不会获得文件字节流，这可能意味着直到整个文件被上传".

Also, the content is sent as multipart, so most of the modern frameworks decode it first. That means you won't get the file byte stream until the framework is done, which could mean "until the whole file is uploaded".

这篇关于上传文件的大小的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！