Affects Version/s: 7.4
Fix Version/s: 7.10
Impact type:API change
The new upload API implemented by BatchUploadObject doesn't allow such thing.
Whatever request is done using the /api/v1/upload endpoint the batchId is part of the resource itself, ex:
A 404 status code is returned if the batch matching the given id doesn't exist.
Yet the old API, deprecated but maintained for backward compatibility, does allow such a client-side generated id passed as a request header, see BatchResource:
This is how the old API now behaves:
- If no batch id is provided, initialize a batch with a server-side generated id by calling BatchManager#init().
- If a batch id is provided:
- If an existing batch matches this id use it. This is possible by making a first call to the new API: /api/v1/upload but in this case why not use the new API through the whole upload process?
- If no batch matches this id:
- If the allowClientGeneratedBatchId configuration property is false, return an HTTP 500 error with the following message "Cannot upload a file with a client-side generated batch id, please use new upload API or set configuration property allowClientGeneratedBatchId to true (not recommended)".
- If the allowClientGeneratedBatchId configuration property is set to true, a batch will be initialized internally with this id by the BatchManager. With a warning in the logs: "Allowing to initialize upload batch with a client-side generated id since configuration property allowClientGeneratedBatchId is set to true but this is not recommended, please use new upload API instead".
The allowClientGeneratedBatchId configuration property is not set by default (thus false) for the LTS 2015 to enforce security.
This has consequences on the Nuxeo client code using the old batch upload API with a client-side generated id:
- Drag and Drop, see
- JS client and nuxeo-elements, see
- CAP and Drive Scala bench + Drive Funkload bench, see
- Nuxeo Drive, see
Important note about Nuxeo Drive: starting from 7.10, the minimum compatible version of Nuxeo Drive will be the next released version, meaning the one following 2.0.911.
This version will include