I want to replicate this part of Python code in Delphi using Indy:
postdata = {'data': '{"data":{"xMode":0,"overrideOS":1,"messageId":"","vmProfileList":"11","submitType":"0","url":""},"filePriorityQ":"run_now" }'}
file_up = {'amas_filename':open('/home/samples/temp/vtest32.exe','r')}
file_upload_req=requests.post(url,postdata,files=file_up,headers=headers,verify=False)
I tried it like this:
Params.AddFormField('data', '{"data":{"xMode": '+ xMode +',"analyzeAgain":1,"overrideOS":1,' +
'"vmProfileList":"' + DBProfileID.Value + '","submitType":0,"url":""}}');
Params.AddFile('amas_filename', DBTestFilePath.Value, GetMIMEType(DBTestFilePath.Value));
Params.Position := 0;
HTTP1.Request.ContentType := 'application/x-www-form-urlencoded';
JSON := HTTP1.Post(URL, Params);
but it gives me a HTTP error "HTTP/1.0 400 Bad Request" and webserver says "Bad Request. Check input data and payload size". I know the data size is small enough.
This is the request from client and response from the server:
Client Side Says
POST /php/fileupload.php HTTP/1.0
Content-Type: multipart/form-data; boundary=--------031317093926335
Content-Length: 248815
VE-SDK-API: <<APIKEYWasHere>>
Host: Server_IP
Accept: application/vnd.ve.v1.0+json
Accept-Encoding: identity
User-Agent: Mozilla/3.0 - NBL
Cookie: PHPSESSID=<<Cookie_Was_Here>>
----------031317093926335
Content-Disposition: form-data; name="data"
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
{"data":{"xMode": 0,"analyzeAgain":1,"overrideOS":1,"vmProfileList":"2=
4","submitType":0,"url":""},"filePriorityQ":"run_now"}
----------031317093926335
Content-Disposition: form-data; name="amas_filename"; filename="Process.exe"
Content-Type: application/x-msdownload
Content-Transfer-Encoding: binary
MZP
<<FileDataWasHere>>
Server Service Says
HTTP/1.0 400 Bad Request
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
Cache-Control: no-store, no-cache, must-revalidate, private,max-age=0
Cache-Control: no-store, no-cache, must-revalidate, private,max-age=0
Pragma: no-cache
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-type: text/html; charset=UTF-8
Content-Length: 89
Connection: close
Date: Mon, 13 Mar 2017 06:39:19 GMT
Server: Server FIPS
{"success":false,"errorMessage":"Bad Request. Check input data and payload size(<=200M)"}
What is wrong with my code?
PS: I have not done a file upload with form data before.
Next time you have trouble interacting with someone else's API, you should indicate what that API actually is so people have a chance to look up its documentation to see if anything is missing or wrong. In this case, you appear to be using the McAfee Advanced Threat Defense API.
A few things that stand out to me in your shown HTTP request:
HTTP1.Request.ContentType := 'application/x-www-form-urlencoded';
This is just plain wrong. The correct content type is multipart/form-data
instead. However, TIdHTTP
handles this for you when posting a TIdMultipartFormDataStream
, so you don't need to assign a value to the Request.ContentType
property at all, TIdHTTP
will just overwrite it. But that does not change the fact that there is a bug in your code nonetheless.
Accept-Encoding: identity
This indicates to me that you are using an older version of Indy. You should consider upgrading to a more recent version. TIdHTTP
no longer sends identity
in the Accept-Encoding
request header unless the TIdHTTP.Request.AcceptEncoding
property contains other values, which is not the case here. Some servers have trouble handling Accept-Encoding: identity
when explicitly stated in a request, which is why it is no longer sent by default.
Content-Type: text/plain
Your JSON field should have a Content-Type
of application/json
, or maybe even application/vnd.ve.v1.0+json
in this API. The default is text/plain
when not specified otherwise. AddFormField()
has an AContentType
parameter for this purpose. The web server might be sensitive to that value. JSON is also typically encoded using UTF-8, so you should indicate that as well. AddFormField()
has an ACharset
parameter for that purpose.
Content-Transfer-Encoding: quoted-printable
Your JSON string is being encoded using quoted-printable
, which is normally fine for textual content in MIME, however not all web servers handle that in webform submissions, and it may not be appropriate for non-text/...
media types, like JSON. AddFormField()
returns a TIdFormDataField
object. To disable the QP encoding, you can set the TIdFormDataField.ContentTransfer
property to either 8bit
or binary
.
That being said, try something more like this:
Params.AddFormField('data', '{"data":{"xMode": ' + xMode + ',"analyzeAgain":1,"overrideOS":1,' +
'"vmProfileList":"' + DBProfileID.Value + '","submitType":0,"url":""}}',
'utf-8',
'application/json'
).ContentTransfer := '8bit';
// using GetMIMEType() to specify the ContentType is redundant as
// AddFile() already does that internally for you using Indy's own
// GetMIMETypeFromFile() function...
Params.AddFile('amas_filename', DBTestFilePath.Value);
JSON := HTTP1.Post(URL, Params);
If that still does not work for you, I suggest you contact McAfee directly for further help.