如何由浏览器决定上传文件的 mime 类型?

我有一个网络应用程序,用户需要上传一个。压缩文件。在服务器端,我正在检查上传文件的 mime 类型,以确保它是 application/x-zip-compressedapplication/zip

这对我在 Firefox 和 IE 上都很有用。然而,当一个同事测试它时,它在火狐上失败了(发送的 mime 类型类似于“ application/octet-stream”) ,但是在 Internet Explorer 上起作用了。我们的设置似乎是相同的: IE8,FF 3.5.1禁用所有附加组件,Windows XP SP3,WinRAR 作为原生安装。Zip 文件处理程序(不确定是否相关)。

所以我的问题是: 浏览器如何确定要发送的 mime 类型?

请注意: 我知道哑剧类型是由浏览器发送的,因此,不可靠。我只是为了方便而检查它——主要是为了给出一个更友好的错误消息,而不是试图以 zip 文件的形式打开一个非 zip 文件,同时避免加载(可能很重) zip 文件库。

58557 次浏览

This is probably OS and possibly browser dependent, but on Windows, the MIME type for a given file extension can be found by looking in the registry under HKCR:

For example:

HKEY_CLASSES_ROOT.zip - ContentType

To go from MIME to file extension, you can look at the keys under

HKEY_CLASSES_ROOT\Mime\Database\Content Type

To get the default extension for a particular MIME type.

Kip, I spent some time reading RFCs, MSDN and MDN. Here is what I could understand. When a browser encounters a file for upload, it looks at the first buffer of data it receives and then runs a test on it. These tests try to determine if the file is a known mime type or not, and if known mime type it will simply further test it for which known mime type and take action accordingly. I think IE tries to do this first rather than just determining the file type from extension. This page explains this for IE http://msdn.microsoft.com/en-us/library/ms775147%28v=vs.85%29.aspx. For firefox, what I could understand was that it tries to read file info from filesystem or directory entry and then determines the file type. Here is a link for FF https://developer.mozilla.org/en/XPCOM_Interface_Reference/nsIFile. I would still like to have more authoritative info on this.

While this is not an answer to your question, it does solve the problem you are trying to solve. YMMV.

As you wrote, mime type is not reliable as each browser has its way of determining it. However, browsers send the original name (including extension) of the file. So the best way to deal with the problem is to inspect extension of the file instead of the MIME type.

If you still need the mime type, you can use your own apache's mime.types to determine it server-side.

I agree with johndodo, there are so many variables that make mime types that are sent from browsers unreliable. I would exclude the subtypes that are received and just focus on the type like 'application'. if your app is php based, you can easily do this by using the function explode(). in addition, just check the file extension to make sure it is .zip or any other compression you are looking for!

Chrome

Chrome (version 38 as of writing) has 3 ways to determine the MIME type and does so in a certain order. The snippet below is from file src/net/base/mime_util.cc, method MimeUtil::GetMimeTypeFromExtensionHelper.

// We implement the same algorithm as Mozilla for mapping a file extension to
// a mime type.  That is, we first check a hard-coded list (that cannot be
// overridden), and then if not found there, we defer to the system registry.
// Finally, we scan a secondary hard-coded list to catch types that we can
// deduce but that we also want to allow the OS to override.

The hard-coded lists come a bit earlier in the file: https://cs.chromium.org/chromium/src/net/base/mime_util.cc?l=170 (kPrimaryMappings and kSecondaryMappings).

An example: when uploading a CSV file from a Windows system with Microsoft Excel installed, Chrome will report this as application/vnd.ms-excel. This is because .csv is not specified in the first hard-coded list, so the browser falls back to the system registry. HKEY_CLASSES_ROOT\.csv has a value named Content Type that is set to application/vnd.ms-excel.

Internet Explorer

Again using the same example, the browser will report application/vnd.ms-excel. I think it's reasonable to assume Internet Explorer (version 11 as of writing) uses the registry. Possibly it also makes use of a hard-coded list like Chrome and Firefox, but its closed source nature makes it hard to verify.

Firefox

As indicated in the Chrome code, Firefox (version 32 as of writing) works in a similar way. Snippet from file uriloader\exthandler\nsExternalHelperAppService.cpp, method nsExternalHelperAppService::GetTypeFromExtension

// OK. We want to try the following sources of mimetype information, in this order:
// 1. defaultMimeEntries array
// 2. User-set preferences (managed by the handler service)
// 3. OS-provided information
// 4. our "extras" array
// 5. Information from plugins
// 6. The "ext-to-type-mapping" category

The hard-coded lists come earlier in the file, somewhere near line 441. You're looking for defaultMimeEntries and extraMimeEntries.

With my current profile, the browser will report text/csv because there's an entry for it in mimeTypes.rdf (item 2 in the list above). With a fresh profile, which does not have this entry, the browser will report application/vnd.ms-excel (item 3 in the list).

Summary

The hard-coded lists in the browsers are pretty limited. Often, the MIME type sent by the browser will be the one reported by the OS. And this is exactly why, as stated in the question, the MIME type reported by the browser is unreliable.

According to rfc1867 - Form-based file upload in HTML:

Each part should be labelled with an appropriate content-type if the media type is known (e.g., inferred from the file extension or operating system typing information) or as application/octet-stream.

So my understanding is, application/octet-stream is kind of like a blanket catch-all identifier if the type cannot be inferred.