dmitry-dedukhin / mruploader Goto Github PK

On fast computer
SessionId = (1100000000 + new Random().Next(10000000, 99999999)).ToString();
may give same value for different small files same application run. New Random instance is seeded by time, so if two instances are started in same time tick (ms) then both generate same pseudo-random sequences on Next.
The solution is to instantiate Random() once for app lifecycle - static variable within FileUpload class would be best here.

I cannot seem to cancel the upload from inside newUploadCallback(). For example, I want to be able to do this:

function newUploadCallback(fileUploaderId, fileName, fileSize, timestamp, totalSelectedFilesCount) {
  if (fileSize > 1000000) {
    var slhost = document.getElementById('SLOBJ');
    slhost.content.API.cancelUpload(sessionId);
    return false;
  } else { // Success }
}

There seems to be a content() object in that method chain, but the API() object is missing. Those two lines were pasted directly from of the cancelUpload() function.

After resuming a previously interrupted upload, MrUploader passes the old request params, from the original request.

The problem this causes in Rails. Rails has cross-site-forgery protection using a CSRF Token that it passes in the request parameters.

While upload is in progress, interrupt it by logging out. Log back in. At this point, that user has a new CSRF Token embedded in the HTML of their pages. Upload the same file again using MrUploader. MrUploader passes the old CSRF Token from the original upload. The upload proceeds to 100%, then fails - because the CSRF Tokens don't match. When that happens, we have our site set to redirect to the login page. That 302 redirect response crashes MrUploader [because of issue #3].

200 and 201's are OK.

When MrUploader receives any non-200 response - for example redirects [300's], 404's, 500's, etc - it crashes. I've seen this behavior in IE 8 on XP, IE 9 on Win 7, all latest versions of Chrome on Win 7, and all latest Firefox version on Win 7. In IE 8, the entire browser tab crashes. In Chrome, only the plugin crashes.

Most of this can be worked around programmatically between your server-side language [Ruby, PHP, etc.] and JavaScript. But unfortunately, when Nginx completes a resumed upload, it returns a "302 Found" response, and also crashes MrUploader. I'm not sure there is any way around this, as I think this is hardcoded default behavior of the Nginx Upload Module.