0

So Im getting that same error from chrome everyone gets that doesn't allow same origin. I am running angular-4.x as localhost:4200. Im also running iss localhost:#####5. So I made a cors policy and enabled it. My IFormfile parameter keeps showing up as null when while debugging:

public async Task<IActionResult> Picload(IFormFile file)//---always null

so this was weird because when I checked the HttpContext to do further digging I found the my Image from angular in:

  var file =  _accessor.HttpContext.Request.Form.Files[0];

the accessor is using the singleton via startup and injected in the Controller Constructor so is this safe security wise and efficient. I am checking the file extentions. I feel like I finally beat chrome but have no clue what else Im conjuring by doing this.

Mohamoud Mohamed
  • 487
  • 6
  • 14
  • Very hard to guess what you are doing wrong without good [MCVE], only random guess is you are not matching file element ID to action parameter... – Alexei Levenkov Mar 02 '18 at 03:40
  • Hi sorry for the late reply. The code works fine. Ive tested it on post man its just chrome blocks same origin even if you enable Cors.But My question is, ripping the file out of the request using Http.context.Request.Form resource intensive or secure? – Mohamoud Mohamed Mar 02 '18 at 13:13
  • 1
    Technically, that's the same thing the modelbinder is doing, anyways. However, the file should be binding to your action param. If it's not, *that's a problem you need to solve*. Don't just side-step it by digging directly into `Request`. – Chris Pratt Mar 02 '18 at 15:54
  • That is interesting. Yea the IFormFile is null while passing through the action param I suspect it is chrome same origin since domains both begin with localhost. – Mohamoud Mohamed Mar 02 '18 at 16:02
  • @MohamoudMohamed same origin does not apply to POST requests... Just FYI if you ever asked about it. – Alexei Levenkov Mar 04 '18 at 18:23

1 Answers1

0

Using HttpContext.Request.Form.Files[0] will work just fine as it is just another way to access fields of a POST request (also normally you should not do that in ASP.Net/WebAPI code)

Notes

  • reaching deep into lower level objects likde HttpRequest loses benefits of having actions to take parameters (unit testing is much harder if you have to mock request).
  • null value of the action's parameter indicates that client side code does not behave the way you want - it likely sends file from control with different name. It would be much better to understand why it happened and fix the problem (i.e. you may be using wrong name for parameter in the action) rather than trying to hack around.
Alexei Levenkov
  • 94,391
  • 12
  • 114
  • 159
  • The reason why it is happening is chrome is blocking the request under same origin policy: see this link : https://stackoverflow.com/questions/3102819/disable-same-origin-policy-in-chrome ....Thanks Will mark as answered because you explained the null value via client. – Mohamoud Mohamed Mar 04 '18 at 19:07