File Uploads for the Web (1): Uploading Files with HTML

This is the first post in a series all about uploading files to the web. In this post, we cover the steps needed to upload files using only HTML.

Today we are kicking off the first post in a series all about uploading files to the web. In this post, we’ll start with the basics using HTML. The full series will look like:

  1. Uploading files with HTML
  2. Uploading files with JavaScript
  3. Receiving file uploads with Node.js (Nuxt.js)
  4. Optimizing storage costs with Object Storage
  5. Optimizing delivery with a CDN
  6. Securing file uploads with malware scans

Access Files

The very first step is accessing a file to upload. Unfortunately, or rather, fortunately, browsers can’t access our file systems. If they did, it would be a major security concern.

There is work being done on the File System Access API, but it’s experimental and will be limited access, so let’s just pretend it doesn’t exist.

Accessing a file requires user interaction, which means we need something in the UI for the user to interact with. Conveniently, there is the input element with a file type attribute.

<input type="file" />

On its own, a file input isn’t very useful. It allows a user to select a file from their device, but that’s about it.

To actually send the file to a server, we need to make an HTTP request, which means we need a <form>. We’ll put the file input inside along with a <button> to submit the form. The input will also need a <label> to make it accessible for assistive technology, an id attribute to associate it with the label, and a name attribute in order to include its data along with the HTTP request.

<form>
  <label for="file">File</label>
  <input id="file" type="file" />
  <button>Upload</button>
</form>

Looks good 👍.

Doesn’t work good, though 👎.

Include a Request Body

If we watch the network tab as we submit the form, we can see that it generates a GET request, and the payload is sent as a query string that looks like this: “?name=filename.txt“. It’s essentially a key-value pair, with the key being the input name and the value being the name of the file.

This is sent as a string.

Not quite what we’re going for here.

We can’t actually send a file using a GET request because you can’t put a file in the query string parameters. We need to put the file in the body of the request. To do that, we need to send a POST request, which we can do by changing the form’s method attribute to "post".

<form method="post">
  <label for="file">File</label>
  <input id="file" name="file" type="file" />
  <button>Upload</button>
</form>

Now, if we explore that request, we can see that we are making a post request. We can also see that the request has a payload containing the form’s data. Unfortunately, the data is still just a key-value pair with the input name and the filename.

Set the Content-Type

We’re still not actually sending the file, and the reason has to do with the request “Content-Type“.

By default, when a form is submitted, the request is sent with a Content-Type of application/x-www-form-urlencoded. And unfortunately, we can’t send the binary file information as URL encoded data.

In order to send the file contents as binary data, we have to change the Content-Type of the request to multipart/form-data. And in order to do that, we can set the form’s enctype attribute.

<form method="post" enctype="multipart/form-data">
  <label for="file">File</label>
  <input id="file" name="file" type="file" />
  <button>Upload</button>
</form>

Now, if we submit the form one more time, we can see the request uses the POST method, has the Content-Type set to multipart/form-data. In Chromium browsers, you’ll no longer see the request payload, but you can see it in the Firefox devtools under the request Params tab.

We did it!!!

Recap

With all that in place, we can upload files using HTML. To re-iterate, sending files with HTML requires three things:

  1. Create an input with the type of file to access the file system.
  2. Use a form with method="post" to include a body on the request.
  3. Set the request’s Content-Type to multipart/form-data using the enctype attribute.

I hope you learned something new today, and you come back for the rest of the series. In the rest of the series, we’ll cover things like uploading files with JavaScript, receiving files on the backend, optimizing resources and costs with Object Storage, security concerns for uploads, and delivery improvements.

Once again, here’s what the series outline will look like:

  1. Uploading files with HTML
  2. Uploading files with JavaScript
  3. Receiving file uploads with Node.js (Nuxt.js)
  4. Optimizing storage costs with Object Storage
  5. Optimizing delivery with a CDN
  6. Securing file uploads with malware scans

Thank you so much for reading. If you liked this article, please share it. It's one of the best ways to support me. You can also sign up for my newsletter or follow me on Twitter if you want to know when new articles are published.


Originally published on austingil.com.