docs: require content length for attachment uploads#20
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d09d9396b4
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| ``` | ||
|
|
||
| The response includes an `upload_url` and required `headers`. Send a `PUT` request to that URL with the exact file bytes and returned headers. The upload token can write only that attachment, expires quickly, and does not grant send access. | ||
| The response includes an `upload_url` and required `headers`, including `Content-Type` and exact `Content-Length`. Send a `PUT` request to that URL with the exact file bytes and returned headers. The upload token can write only that attachment, expires quickly, and does not grant send access. |
There was a problem hiding this comment.
Clarify browser handling for Content-Length
Because this delegated-upload section explicitly includes browsers, telling clients to send the returned headers including Content-Length gives browser callers an instruction they cannot follow: Fetch/XHR treats Content-Length as a forbidden request header, so a browser implementation that copies these headers cannot set it directly and may either drop it or fail validation. Please separate browser guidance from shell/agent guidance, e.g. tell browsers to use a Blob/File body and let the user agent supply the length while only setting the allowed returned headers.
Useful? React with 👍 / 👎.
Summary
Verification