Multer's file object contains a mimetype value. The documentation describes it as "Mime type of the file", but provides no other details.
How is the value of this field determined? Is it simply the Content-Type: provided by the client (which can easily be spoofed) or is the uploaded file evaluated in some way that can help determine the true file type?
By tracking the source code, it comes from the content-type header.
Here is how I tracked it:
make-middleware.js in Multer: There is a busboy stream object listening on the file event, with mimetype as one of the input parameters of the callback function. The mimetype is appended to the req.files that the user gets.
busboy: The busboy instance is created with request headers parsed by its own parseHeaders and parseParams functions. You can find it doing something with the content-type header.
Further tracking, you will find it applies the Dicer object to listen on the headers event and emit the file event to busboy with the parsed mimeType.
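
Because the value is taken from the client's header, a server-side check has to look at the uploaded bytes themselves. The following is an added example, not code from the answer above or from Multer: it compares `file.mimetype` with a small table of magic-byte signatures. The names `sniffMime` and `checkUpload` are hypothetical, the sample files are constructed, and it assumes memory storage so that `file.buffer` is available.

```javascript
// Added example: magic-byte signatures for a small allow-list of upload types.
const SIGNATURES = [
  { mime: 'image/png', bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: 'image/jpeg', bytes: [0xff, 0xd8, 0xff] },
  { mime: 'image/gif', bytes: [0x47, 0x49, 0x46, 0x38] },             // "GIF8"
  { mime: 'application/pdf', bytes: [0x25, 0x50, 0x44, 0x46, 0x2d] }, // "%PDF-"
];

// Return the MIME type implied by the leading bytes, or null if unrecognised.
function sniffMime(buffer) {
  for (const { mime, bytes } of SIGNATURES) {
    if (buffer.length >= bytes.length && bytes.every((b, i) => buffer[i] === b)) {
      return mime;
    }
  }
  return null;
}

// Compare the client-declared type (file.mimetype, i.e. the part's
// Content-Type header) with what the content actually starts with.
// `file` has the shape of a Multer file object held in memory (assumption).
function checkUpload(file) {
  const declared = String(file.mimetype || '').toLowerCase();
  const detected = sniffMime(file.buffer);
  if (detected === null) {
    return { ok: false, reason: 'unrecognised content', declared, detected };
  }
  if (detected !== declared) {
    return { ok: false, reason: 'declared type does not match content', declared, detected };
  }
  return { ok: true, reason: 'match', declared, detected };
}

// Constructed sample inputs (not real uploads).
const pngHeader = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]);
const htmlBody = Buffer.from('<html><body>not an image</body></html>');

const samples = [
  { originalname: 'logo.png', mimetype: 'image/png', buffer: pngHeader },
  { originalname: 'page.png', mimetype: 'image/png', buffer: htmlBody },
  { originalname: 'logo.jpg', mimetype: 'image/jpeg', buffer: pngHeader },
];
for (const f of samples) console.log(f.originalname, checkUpload(f));
```

A matching signature only shows how the file begins, not that the rest of it is a well-formed file of that type, so treat this as a first filter rather than proof of the file type.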