When using Cloudinary's Upload Widget to allow your clients to upload media directly from their browser, you might want to restrict the upload requests by only allowing a signed upload to be accepted by Cloudinary.
Therefore, you can set your upload presets to be signed presets, which means a signature is always required.
However, generating a signature should never be performed client-side as it requires your API Secret which must not be exposed publicly under any circumstance.
Although the signing is done server-side, all other aspects of the upload are performed by the client.
Below you can find an interactive code of both the client-side and the server-side code required for making a successfully signed upload widget request.