I've tried to use parse_on_demand as shown in: http://search.cpan.org/~flora/Catalyst-Runtime-5.80007/lib/Catalyst.pm#ON-DEMAND_PARSER

However, I can't seem to stop the upload. I'm testing this simply by creating an action that dies immediately, however the browser seems to upload the very large file I've selected before it ever reaches my action:

sub upload :Local {
    my ($self, $c) = @_;
    die;

    # What I'd like to do is this:
    # if ($c->req->header('Content-Length') > $some_limit) {
    #    die "Upload too large";
    # }
    # ... check filename extension and mime-type...
}

Is this the right way to approach upload validation?

Catalyst handles the upload before dispatch to your action. You will need to intercept earlier in the request handling process and that means a plugin, I suspect.

I am not an expert on uploads with Catalyst, but there may be something out there that already does this, so it's worth a search on cpan... but if not I'd look at how the Upload Progress plugin does what it does to get a status on the current upload. You should be able to kill the upload in a similar way.

JayK

also look at HTML::FormHandler::Model::DBIC which handles both these cases for you within it's built in validation.