Upload file with form data using Delphi Indy HTTP

2019-08-01 02:54发布

问题:

I want to replicate this part of Python code in Delphi using Indy:

postdata = {'data': '{"data":{"xMode":0,"overrideOS":1,"messageId":"","vmProfileList":"11","submitType":"0","url":""},"filePriorityQ":"run_now" }'}
file_up = {'amas_filename':open('/home/samples/temp/vtest32.exe','r')}
file_upload_req=requests.post(url,postdata,files=file_up,headers=headers,verify=False)

I tried it like this:

Params.AddFormField('data', '{"data":{"xMode": '+ xMode +',"analyzeAgain":1,"overrideOS":1,' +
                            '"vmProfileList":"' + DBProfileID.Value + '","submitType":0,"url":""}}');
Params.AddFile('amas_filename', DBTestFilePath.Value, GetMIMEType(DBTestFilePath.Value));
Params.Position := 0;
HTTP1.Request.ContentType := 'application/x-www-form-urlencoded';
JSON := HTTP1.Post(URL, Params);

but it gives me a HTTP error "HTTP/1.0 400 Bad Request" and webserver says "Bad Request. Check input data and payload size". I know the data size is small enough.

This is the request from client and response from the server:

Client Side Says

POST /php/fileupload.php HTTP/1.0
Content-Type: multipart/form-data; boundary=--------031317093926335
Content-Length: 248815
VE-SDK-API: <<APIKEYWasHere>>
Host: Server_IP
Accept: application/vnd.ve.v1.0+json
Accept-Encoding: identity
User-Agent: Mozilla/3.0 - NBL
Cookie: PHPSESSID=<<Cookie_Was_Here>>

----------031317093926335
Content-Disposition: form-data; name="data"
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

{"data":{"xMode": 0,"analyzeAgain":1,"overrideOS":1,"vmProfileList":"2=
4","submitType":0,"url":""},"filePriorityQ":"run_now"}
----------031317093926335
Content-Disposition: form-data; name="amas_filename"; filename="Process.exe"
Content-Type: application/x-msdownload
Content-Transfer-Encoding: binary

MZP
<<FileDataWasHere>>

Server Service Says

HTTP/1.0 400 Bad Request
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
Cache-Control: no-store, no-cache, must-revalidate, private,max-age=0
Cache-Control: no-store, no-cache, must-revalidate, private,max-age=0
Pragma: no-cache
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-type: text/html; charset=UTF-8
Content-Length: 89
Connection: close
Date: Mon, 13 Mar 2017 06:39:19 GMT
Server: Server FIPS

{"success":false,"errorMessage":"Bad Request. Check input data and payload size(<=200M)"}

What is wrong with my code?

PS: I have not done a file upload with form data before.

回答1:

Next time you have trouble interacting with someone else's API, you should indicate what that API actually is so people have a chance to look up its documentation to see if anything is missing or wrong. In this case, you appear to be using the McAfee Advanced Threat Defense API.

A few things that stand out to me in your shown HTTP request:

  1. HTTP1.Request.ContentType := 'application/x-www-form-urlencoded';

    This is just plain wrong. The correct content type is multipart/form-data instead. However, TIdHTTP handles this for you when posting a TIdMultipartFormDataStream, so you don't need to assign a value to the Request.ContentType property at all, TIdHTTP will just overwrite it. But that does not change the fact that there is a bug in your code nonetheless.

  2. Accept-Encoding: identity

    This indicates to me that you are using an older version of Indy. You should consider upgrading to a more recent version. TIdHTTP no longer sends identity in the Accept-Encoding request header unless the TIdHTTP.Request.AcceptEncoding property contains other values, which is not the case here. Some servers have trouble handling Accept-Encoding: identity when explicitly stated in a request, which is why it is no longer sent by default.

  3. Content-Type: text/plain

    Your JSON field should have a Content-Type of application/json, or maybe even application/vnd.ve.v1.0+json in this API. The default is text/plain when not specified otherwise. AddFormField() has an AContentType parameter for this purpose. The web server might be sensitive to that value. JSON is also typically encoded using UTF-8, so you should indicate that as well. AddFormField() has an ACharset parameter for that purpose.

  4. Content-Transfer-Encoding: quoted-printable

    Your JSON string is being encoded using quoted-printable, which is normally fine for textual content in MIME, however not all web servers handle that in webform submissions, and it may not be appropriate for non-text/... media types, like JSON. AddFormField() returns a TIdFormDataField object. To disable the QP encoding, you can set the TIdFormDataField.ContentTransfer property to either 8bit or binary.

That being said, try something more like this:

Params.AddFormField('data', '{"data":{"xMode": ' + xMode + ',"analyzeAgain":1,"overrideOS":1,' +
                            '"vmProfileList":"' + DBProfileID.Value + '","submitType":0,"url":""}}',
                    'utf-8',
                    'application/json'
).ContentTransfer := '8bit';

// using GetMIMEType() to specify the ContentType is redundant as
// AddFile() already does that internally for you using Indy's own
// GetMIMETypeFromFile() function...
Params.AddFile('amas_filename', DBTestFilePath.Value);

JSON := HTTP1.Post(URL, Params);

If that still does not work for you, I suggest you contact McAfee directly for further help.