Convert a file being required to include it's mimetype in the inkblob

Question

I'm using File Picker for handling files for my web application. In my front end app I have the URL to the file's handle (ex. https://www.filepicker.io/api/file/H7KYuWy1S3e1qvG2M66i), but I don't have it's complete inkBlob.

The file is an image and I want to do a convert operation on this file. It seems that I am required to include the mimetype when calling on the convert function.

Taken from File Picker's API documentation on convert, this works:

var inkblob = {
    url: 'https://www.filepicker.io/api/file/H7KYuWy1S3e1qvG2M66i',
    filename: 'customers.jpg', mimetype: 'image/jpeg',
    isWriteable: false, size: 629454
};

var result = document.getElementById("convert-result");
filepicker.convert(inkblob, {width: 200, height: 200},
    function(new_InkBlob){
        console.log(new_InkBlob.url);
        result.src = new_InkBlob.url;
    }
);

The same code works with an inkblob like this:

var inkblob = {
    url: 'https://www.filepicker.io/api/file/H7KYuWy1S3e1qvG2M66i',
    mimetype: 'image/jpeg',
};

However, the convert does not work if you exclude the mimetype and only include the url.

In my situation it requires me to first do a stat call against the filehandle to retrieve the mimetype from File Picker's API, then send the mimetype right back to filepicker when I do the convert command.

Is it possible to make it so the mimetype is omitted and File Picker looks the mimetype up internally if it isn't included in the convert command?

Answer 1

For other people wanting answer to this question, here are some more information we communicated on mail:

The answer they gave on mail:

For convert() method, mimetype is just a security check to ensure you pass an image. If you pass 'image/jpeg' even if it's not the correct mimetype for the image, it should work just fine. So no need to stat file every time.

My answer back:

Hi, and thanks for your answer.

It sounds to me like the inclusion of mimetype when calling on the convert() function is redundant. You tell me I should be able to simply pass in a fixed mimetype thus I cannot see how this is a useful security check. If you want to ensure the convert command is executed on an image File Picker already knows which mimetype a file has and I believe this should be handled internally when the convert() command is executed not trusting client's claim of a mimetype on a file.

I haven't tried this; but what happens if I do a convert command with mimetype set to 'image/jpeg' on a text file? I guess it will fail which is another reason for me thinking this mimetype requirement on convert command is obsolete.

Answer from filepicker:

This is really just basic protection from accidental passing files other than image to the convert call. I'm aware this can be redundant for you but it works in 95% of cases and we never had issue with this.

Answer 2

For convert() method, mimetype is just a security check to ensure you pass an image. If you pass 'image/jpeg' even if it's not the correct mimetype for the image, it should work just fine. So no need to stat file every time.