0

We have a Python application which acts as a web server with the GUI rendered in a browser of the user's choosing. The server runs on the same PC as the browser.

The user needs to select a file to process (in the browser) and this is then passed to the server for processing.

Because of the browser security model we don't get the full path of the original file. Instead the browser uploads a copy of the file and this path is what is passed to the server.

The files are about 0.5GB so the upload time is significant, e.g. 45s, but it's a complete waste of time for us as we could simply access the original file if the browser gave us the path.

Is there a way we can get the full path of the original file and avoid wasting time with the browser uploading the file?

[Forgive me if the terminology is not right: I'm a manager, the developer is a raw grad, we have no experienced web developers]

quite68
  • 31
  • 7
  • 2
    No, that is not possible (without some sort of browser modification, like a specialized add-on). Browsers do not distinguish between interacting with a local server versus a remote server. – Pointy Jul 21 '20 at 15:13
  • 4
    You can't, that's for security purpose, the only thing you can get is the name of the file. But why doesn't the server offer a way to explore the files in the browser rather than using the built-in file explorer from the client? – Anthony Raymond Jul 21 '20 at 15:19
  • https://stackoverflow.com/questions/15201071/how-to-get-full-path-of-selected-file-on-change-of-input-type-file-using-jav – epascarello Jul 21 '20 at 15:31

1 Answers1

0

If browser security could be circumvented to capture the full filepath that would represent a security hole in all major browsers!

This can be done, but you will need to write a custom file upload interface in order to do this.

If the server is guaranteed to be running on the same machine as the client (the browser), the server can inform the client of the files on their machine.

The interaction would look like:

  1. User clicks "upload a file" in the browser
  2. Browser requests file information from the server
  3. Server returns a listing of the root directory containing items like the users, Program Files, and Windows folders (assuming windows OS)
  4. Browser receives this information and renders it using html components; for example something like:
<div class="file-browser">
  <div class="current-directory">C:</div>
  <div class="children">
    <div class="child directory">
      <div class="full-name">C:/users</div>
    </div>
    <div class="child directory">
      <div class="full-name">C:/Program Files</div>
    </div>
    <div class="child directory">
      <div class="full-name">C:/Windows</div>
    </div>
    <div class="child file">
      <div class="full-name">C:/StopProc.bat</div>
      <div class="filesize">66 bytes</div>
    </div>
  </div>
</div>
  1. User clicks the "/users" directory
  2. Browser requests file information from server
  3. Server returns file information for /users directory (with items like C:/users/user1, C:/users/user2, etc.)
  4. Browser renders this information in html

This process continues. If the server is willing to return absolute filepath information to the browser, and they are running on the same machine, nothing can stop this information from entering the browser.

Gershom Maes
  • 7,358
  • 2
  • 35
  • 55