This support forum is no longer in use. Please use the Cloudinary Community at https://community.cloudinary.com/ to receive assistance from other members of the community and from Cloudinary's support team. For account-specific questions or if you believe that you've encountered a bug, please contact the Cloudinary team directly via the "submit a request" option on this support site.

What is the proper way to handle signed client upload (via XHR) in Django?

Interio

October 10, 2017 05:29

The process I use for signed client side upload is this

1. Generate an API key (along with relevent options etc) and pass it along to the client.

2. Client upload file using XHR and receives the payload.

3. Client sends payload to server.

4. Server populate a CloudinaryField from the payload.

Two questions

1. Is there a way to verify the payload sent from the client? Maybe a checksum signed using the server password? (see hoe google Recaptcha words as an example).

2. What is the proper way to populate a CloudinaryField from an absolute image URL? From what I could see the CloudinaryField is a file Field holding the relative path of the photo in cloudinary. In the payload sent from the client the path is absolute. I'm trying to avoid having to strip it my self and i was wondering if there is a build-in way to populate a CloudinaryField from client payload.

3. Is it possible to receive a callback to the server with the payload when a client upload using XHR finishes?

Comments

1 comment

Daniel Mendoza

October 22, 2017 12:28
@Interio

We apologize for the late reply.

1. Is there a way to verify the payload sent from the client? Maybe a checksum signed using the server password? (see hoe google Recaptcha words as an example)?

The signature of the upload can be verified by comparing the return signature. By using the public_id and version from the upload response, you can use the api_secret on your server to generate the signature and compare them.
- expected_signature = cloudinary.utils.api_sign_request(dict(public_id=public_id, version=version),cloudinary.config().api_secret)
2. What is the proper way to populate a CloudinaryField from an absolute image URL?

I have found a Cloudinary function that will generate the needed string to populate CloudinaryField:
```
from cloudinary import CloudinaryResource

. . .
res = CloudinaryResource(public_id='test', type='upload', resource_type='image', version=123456789, format='png')

print(res.get_prep_value())
```
The output produced would be "image/upload/v123456789/test.png".

3. Is it possible to receive a callback to the server with the payload when a client upload using XHR finishes?

There are three options that can be done:
- In the Django sample project, the `cloudinarydone` call back response can be used, more information can be found here: https://github.com/cloudinary/cloudinary-django-sample/blob/master/photo_album/templates/upload.html#L82-L96
- A `notification_url` webhook can be set up to your server by adding it to your upload API call (e.g. notification_url="www.example.com/...") or setting a global `Notification URL` in your Cloudinary Upload Settings (https://cloudinary.com/console/settings/upload).
- The webhook signature can be verified by following the steps in this blog: https://support.cloudinary.com/hc/en-us/articles/115001302471-How-to-validate-Cloudinary-webhooks-signature-
0

Comment actions Permalink

Post is closed for comments.