
A practical implementation of this would probably want to do a couple things:

1. As you mention, make sure they can't overwrite files

2. Have a content type whitelist on the requestUploadURL function

3. Maybe authentication to keep track of who is submitting these requests?

Assuming that you're okay allowing someone to upload files with a given content-type to your bucket, is there anything I'm missing?



For #1, I would probably disallow writing to arbitrary paths and instead generate a path prefix using a UUID and return that to the client to ensure that every upload is unique.
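The three checks discussed in this thread, as an added example in Python that is not code from either commenter: the handler requires an authenticated caller, applies a content-type allowlist, and generates the object key itself under a fresh UUID. The allowlist entries, the `uploads` prefix and all function and field names are assumptions; the returned parameters are what the caller would hand to the storage provider's presigner.

```python
import uuid

# Assumed allowlist (media type -> file extension); the thread names no types.
ALLOWED_CONTENT_TYPES = {
    "image/png": "png",
    "image/jpeg": "jpg",
    "application/pdf": "pdf",
}
UPLOAD_PREFIX = "uploads"  # hypothetical bucket prefix


class UploadRejected(Exception):
    """Raised when a request must not be given an upload URL."""


def request_upload_url(user_id, content_type, new_id=uuid.uuid4):
    """Return the parameters that are safe to presign for this request."""
    # 3. Authentication: refuse anonymous callers so every grant is attributable.
    if not user_id:
        raise UploadRejected("authentication required")

    # 2. Allowlist: compare only the bare media type, lowercased, with any
    #    parameters such as "; charset=..." stripped before the lookup.
    media_type = str(content_type or "").split(";", 1)[0].strip().lower()
    if media_type not in ALLOWED_CONTENT_TYPES:
        raise UploadRejected(f"content type not allowed: {media_type!r}")

    # 1. No overwrites: the server chooses the whole key. Nothing supplied by
    #    the client reaches the path, and a fresh UUID makes each key unique.
    extension = ALLOWED_CONTENT_TYPES[media_type]
    key = f"{UPLOAD_PREFIX}/{new_id()}/file.{extension}"

    return {
        "key": key,                  # returned to the client with the URL
        "content_type": media_type,  # bind this into the signed request
        "requested_by": user_id,     # record alongside the grant for auditing
    }
```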



