aantron
upload raises exception if Content-Type is not multipart/form-data
This check is done in a couple of places:
https://github.com/aantron/dream/blob/2386083170766255021171870b8568d1c8c933b5/src/server/upload.ml#L102-L115
The problem is that the exception that is raised is an undifferentiated Failure. This is mostly okay when handling requests from live users (as they'll just see whatever error page produced by your installed error handler/template), but is much less useful in an API context, where one would much rather produce a 400 bad request response, rather than and (erroneous) 500 internal server error.
ISTM that the upload functions that raise this failure should either return a result carrying a potential array of informative error types, or a distinct exception type be raised so that callers can issue an appropriate response.
I don't know if something changed between then and now, but I am actually getting a 400 Bad Request. Repro:
diff --git a/example/g-upload/upload.eml.ml b/example/g-upload/upload.eml.ml
index 2471a4a..07e5b4c 100644
--- a/example/g-upload/upload.eml.ml
+++ b/example/g-upload/upload.eml.ml
@@ -1,7 +1,7 @@
let home request =
<html>
<body>
- <form method="POST" action="/" enctype="multipart/form-data">
+ <form method="POST" action="/" enctype="application/form-data">
<%s! Dream.csrf_tag request %>
<input name="files" type="file" multiple>
<button>Submit!</button>
@@ -33,7 +33,7 @@ let () =
Dream.html (home request));
Dream.post "/" (fun request ->
- match%lwt Dream.multipart request with
+ match%lwt Dream.multipart ~csrf:false request with
| `Ok ["files", files] -> Dream.html (report files)
| _ -> Dream.empty `Bad_Request);
Here's the log:
10.08.25 21:17:02.453 dream.logger INFO REQ 2 POST / ::1:61882 fd 8 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
10.08.25 21:17:02.453 dream.logger WARN REQ 2 400 in 305 μs
@cemerick can you confirm?
