supabase-js icon indicating copy to clipboard operation
supabase-js copied to clipboard

Published 20 hours ago verified publisher icon supabase

`createSignedUploadUrl` does not validate mime type.

Open saqibameen opened this issue 1 year ago • 1 comments

Bug report

  • [x] I confirm this is a bug with Supabase, not with my own application.
  • [x] I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

If I create a signed upload url using createSignedUploadUrl and upload a file with a different mime type, it does not stop.

E.g., 1- create signedUploadUrl for file.md 2- upload test.pdf buffer with Content-Type: application/pdf in headers ✅ Successfully uploaded

1- create signedUploadUrl for file.md 2- upload test.pdf buffer with Content-Type: text/markdown in headers ✅ Successfully uploaded

To Reproduce

Do following on the above two test cases:

  1. create SignedUploadUrl
  2. Upload file

Expected behavior

It should give error that mime type does not match.

Screenshots

NA

System information

  • OS: macOS
  • Version of supabase-js: 2.44.4
  • Version of Node.js: NA (using cloudflare worker)

saqibameen avatar Jul 18 '24 19:07 saqibameen

I made a PR for this issue : https://github.com/supabase/storage-js/pull/210

anonymousRecords avatar Sep 29 '24 07:09 anonymousRecords

I recognize this is a bug, but it needs to be fixed on the server side. There's an issue open here: https://github.com/supabase/storage/issues/639 I'll escalate with the team!

Thank you very much for your contribution!

mandarini avatar Oct 08 '25 12:10 mandarini