[MGNLUI-5319] Dam upload fields blocked by mod_security when using the drag&drop option Created: 13/Aug/19  Updated: 18/Aug/21

Status: Accepted
Project: Magnolia UI
Component/s: None
Affects Version/s: 5.7.4, 6.1.1
Fix Version/s: None

Type: Improvement Priority: Neutral
Reporter: Mercedes Iruela Assignee: Unassigned
Resolution: Unresolved Votes: 3
Labels: maintenance
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File DragDrop-RequestHeader-NOT-OK.png     PNG File UploadButton-RequestHeader-OK.png    
Issue Links:
causality
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:
Epic Link: Support
Story Points: 3

 Description   

When then drag and drop functionality a wrong request is sent:

Content-Type=multipart/form-data

So when mod_security is active the request is blocked and the following error is returned because there is no boundary included in the request, this boundary is expected to be added to a multipart request. (https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html).

...ModSecurity: Multipart parsing error (init): Multipart: Boundary not found in C-T. [hostname "magnolia3.portal.at"] [uri ".../.magnolia/admincentral/APP/UPLOAD/0/200/rec-4/394f45b3-3c15-4bfa-956f-08512c65a55d"] [unique_id "XUvDdywTZpuUHMBtIWpOnAAAADo"]

In case of Upload button, the request is sent correctly.

Should that upload even have the form content type in the first place?


Generated at Mon Feb 12 09:25:21 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.