1

Is it possible to receive byte and string data simultaneously in an HTTP response? A cannot mix the two put in a json but you get the idea:

private async getFile(): Promise<{ data: Blob, checksum: string }> {

  return this.http.get('some url/getfile...', {
    'headers': accessToken
  }).pipe(timeout(10000)).toPromise().then(res => {
    if (res['status'] === 200 && res['body']) {
      return {
        data: res['body']['data'],
        checksum: res['body']['checksum']
      };
    }
    return undefined;
  }).catch(() => undefined);

}

What's the proper way?

My ideas:

Should the server maybe put the checksum into the response header?

Or, should it send also the checksum as bytes? If so, how to separate it from the actual data?

Or what if I'd combine the two in a single byte stream and if e.g. md5 was used to produce the checksum I would know that the first (or last) 128 bits (= 16 bytes?) are the checksum, the rest is the actual data.

What I don't want is to (1) do it with separate requests (2) put the checksum in some text file on the server side and zip it with the actual file, then unzip the archive on the client side.

tom
  • 2,137
  • 2
  • 27
  • 51
  • base64 the byte stream? – Diodeus - James MacFarlane May 01 '19 at 13:40
  • that could be an option, but the file size can be around 8-10 MB. Wouldn't it be too much to encode-decode? – tom May 01 '19 at 13:52
  • checksum in the header. easiest and simplest. headers are for tiny bits of metadata that relate to your request. Pretty sure i've seen checksums in the header before in the wild. – bryan60 May 01 '19 at 14:59
  • @bryan60 in which field would you put it? – tom May 01 '19 at 15:15
  • really any header you want, not sure what kind of checksum you're looking for, but the Content-MD5 header seems like its a thing: https://tools.ietf.org/html/rfc1864. I'd check this question for more on the topic: https://stackoverflow.com/questions/41461239/webapi-file-download-checksum – bryan60 May 01 '19 at 15:19

1 Answers1

1

The Content-MD5 header is a thing and used for this purpose in both uploads and downloads: https://www.rfc-editor.org/rfc/rfc1864

Generally, headers are for small bits of metadata relating to your request. This is a totally valid header use case if you feel this extra security is warranted.

Community
  • 1
  • 1
bryan60
  • 28,215
  • 4
  • 48
  • 65