What is the difference between res.attachment and res.download and when to use which I am bit confused. In my case, I send my form data to the server as a JSON which will create a file out of it and respond with a download link. Which among the two: res.attachment and res.download should I use?
The res.attachment "Sets the HTTP response Content-Disposition header field to “attachment”."
This essentially says, 'Hey, this file should be viewed as an attachment, not a webpage.'
Whereas the res.download "Transfers the file at path as an “attachment”. Typically, browsers will prompt the user for download."
Find more about each HERE
Related
My pdf file is being sent to my server as binary data with Postman as seen in the picture attached.
The content of the file is being parsed on my ExpressJS server with req.on((chunk) => ...) etc.
Everything is fine, except the fact that I try to obtain the original filename(highlighted in red - valid-compressed-compressed.pdf) on the server, but I can't find the value anywhere in the request object.
Any suggestions, please?
Short answer: you cant.
If you look closely at the headers being sent with the request, there are no headers containing the filename. Therefore there are no headers you can access in express to retrieve that information. The only headers you send are Content-Type and Content-Length that gives some information about what you're sending. Other than that there's just the binary request body.
If you want to post a file and the filename you need to look into multipart/form-data (Multer).
const binary = xxxxx;
res.set('Content-Type', 'image/jpg');
res.send(binary);
The above is sample on returning an image, defining on express route. What I don't understand is that despite I change Content-Type to application/json, it seems to work too?
const binary = xxxxx;
res.set('Content-Type', 'application/json'); //Still returning an image?
res.send(binary);
The Content-Type header merely indicates the media type of the resource. Browsers can use MIME sniffing and completely ignore it in some cases. To prevent this behaviour, you can set X-Content-Type-Options to nosniff.
A question arises: do I even need to set this entity header? Without setting it you force browsers to sniff the MIME type every single time and thus potentially interpret and display the response body as a content type other than the intended one. If your server allows the user to upload files, a hacker can carry out an XSS attack by manipulating the content in a way to be accepted by the web application and rendered as HTML by the browser. He can inject code in e.g. an image file and make the victim execute it by viewing the image.
I'm developing a RESTful API for a mobile client application with the combination of Node.js, Express.js and Mongodb.
Now I'm trying to handle the upload of the user profile image and I've found a module called "multer" (that is the one ecommended by express.js team itself) that allow the express.app to handle multipart/form-data requests.
Now I need to test the app and, moreover, the upload function but I'm not able to simulate a http-form request (via postman chrome plugin).
Multer returns this error:
[Error: Multipart: Boundary not found]
In fact, comparing an http-form request (which works) with a custom http request, the second one has not the Boundary header property.
What Boundary property is?
If you are using Postman, you can try removing the Header: "Content-type": "multipart/form-data". I removed it and now it works.
Boundary in a multipart form indicates some delimiter string separating text and binary data. You can do this in postman but it sounds like you aren't sending both file and text so postman maybe defaults to a regular form. do you see something like:
If you click preview in postman you can see the boundary in the Content-type header and in the body.
solutions:
1) don't specify the content-type at client
2) use the naming convention(imageUpload) in upload.single('imageUpload') same as field name
I've written an express web app route that is essentially a proxy - it pipes the contents of an input stream (a zip file) into the server response's output stream.
I'd like the browser to prompt the user for download or whatever is most appropriate for a zip file. However, when I load this route in a browser, the contents of the input stream (the zip file's contents) show up in the browser window as text, rather than prompting a download. l
This is the code sending the response:
res.statusCode = 200;
res.setHeader ('Content-Length', size);
res.setHeader ('Content-Type', 'application/zip');
console.log ("content-type is " + res.header('Content-Type'));
inputStream.pipe (res);
The console.log statement above outputs "content-type is application/zip".
However, when I examine the request in Chrome's network tab, I see that the response's content-type is "application/json". This implies that express, or something else, is overriding my content-type header, or perhaps has already sent it.
Does anyone know what is changing the content-type on me, and how I could make sure the content-type is the one I set?
Thanks for any help.
You should check the order of the middleware, it's really tricky and can mess things up if they are in the correct order.
You can check the correct order here in the Connect webpage
I'm looking to implement an API similar to Imgur's upload feature: http://api.imgur.com/resources_anon#upload. In other words, a user should be able to upload an image by POSTing to /upload with an image file without using a form, ie through AJAX without setting the Content-Type header (just like Imgur). However, the only example I can find is the following: https://github.com/visionmedia/express/blob/master/examples/multipart/app.js
Question: How should I implement such an API? My concern is that Express won't interpret the command as multipart/form-data.
Assuming the client sets the upload request's Content-Type properly (which it will if the form used for the upload has the correct enctype attribute) and you use express.bodyParser(), express will handle everything correctly.