How is the mime type indentified in the Upload/MemoryBuffer ?


on Upload you can set setAcceptedFileTypes(... mime types ...) and if using MemoryBuffer you can get FileData and mime type of the uploaded file.

But how is this evaluated ? It is the browser that calculate it ? It is just based on extension?

What I am asking if this is a value that I can trust or have I to revalidate the data and recalculate the mime type? Just to prevent user uploading bad files.

Thanks for the help.

Searching around I found this is an header that the browser send about the mime type cannot be trust

Never trust anything provided by the client. You should also revalidate your expectation on the server, as example with Apache Tika’s Mime Type “Guessing”