[Standards] Questions regarding XEP-0363: HTTP File Upload

Daniel Gultsch daniel at gultsch.de
Wed Sep 7 11:34:31 UTC 2016


you can implement upload access control in two ways. First of all the PUT
URL can differ from the GET URL. Thus the PUT Url can be kept secret. You
can put 'tokens' into the filepath of the URL itself. For example
https://server.tld/somegeneretadsecret/foo.png. On top of that you can make
those URLs write once. This is what most current implementations of HTTP
Upload do.


2016-09-07 12:05 GMT+02:00 vaibhav singh <vaibhavsinghacads at gmail.com>:

> Hi all,
> I was reading up on  XEP-0363: HTTP File Upload and am not able to make
> sense of some things referenced in the XEP.
> 1.) Is the PUT URL being sent to the Receiver the final PUT URL to be used
> for uploading the file, or can it be modified by the Receiver, which can
> then construct the final GET URL, the URL where the file is located?
> This question crept up because I could not see any way of using file
> upload services like Google Drive or Dropbox, essentially services which
> require some kind of access control.
> 2.) If the PUT URL cannot be modified by the Receiver, what do you suggest
> can be done to use services with access control? With whom should the
> burden of access control lie in this case?
> 3) If the XEP can be used only for non-access controlled HTTP servers, how
> is it any different from say, using XEP-215 (External Service Disovery) and
> getting access to the HTTP servers that way?
> 4) I saw somewhere that Conversations client has already implemented the
> XEP. Are they using non-access controlled HTTP or WebDAV servers to upload
> the files?
> I really feel that the XEP could be expanded to include services which
> require access control, but am not sure how to proceed with it. any help
> would be really appreciated.
> --
> Regards,
> Vaibhav Singh
> _______________________________________________
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20160907/503d03b2/attachment.html>

More information about the Standards mailing list