I read the following in the Django documentation:
UploadedFile.content_type
The content-type header uploaded with the file (e.g. text/plain or application/pdf). Like any data supplied by the user, you shouldn’t trust that the uploaded file is actually this type. You’ll still need to validate that the file contains the content that the content-type header claims – “trust but verify.”
and then tried this in my project by printing out the content type of the file uploaded with
print request.FILES['file'].content_type
It would print out the content type of the file, e.g. text/plain, image/jpeg
But the problem is: what if I tamper with the file? For example, if I use Notepad to delete the headers of an image/jpeg file and then save it, the print would still print 'image/jpeg'. However, since the header has been deleted by me and the file can no longer be opened with an image viewer (although the extension of the file is still .jpg), it should not be identified as an 'image/jpeg' file.
So it seems that UploadedFile.content_type is just checking the extension of a file, and thus is not a safe way to check and verify the file type, and some other way is needed to better solve the checking problem. Am I right in saying this? Please correct me if there are any misunderstandings.
Thank you very much for your help.
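
An added example, not part of the original post and not Django's own code: one way to do the "verify" step from the quoted documentation is to compare the claimed content type against the file's leading signature bytes. The names `SIGNATURES`, `sniff_type` and `verify_upload` are hypothetical, and the sample byte strings are constructed; any object with `read`/`seek`/`tell` works, so in a view the upload from `request.FILES['file']` and its `content_type` would be passed in.

```python
import io

# Leading "magic" bytes for a few formats; extend for the types you accept.
SIGNATURES = {
    "image/jpeg": [b"\xff\xd8\xff"],
    "image/png": [b"\x89PNG\r\n\x1a\n"],
    "image/gif": [b"GIF87a", b"GIF89a"],
    "application/pdf": [b"%PDF-"],
}


def sniff_type(fileobj, peek=16):
    """Return the MIME type whose signature matches the first bytes, or None."""
    pos = fileobj.tell()
    try:
        fileobj.seek(0)
        head = fileobj.read(peek)
    finally:
        fileobj.seek(pos)  # leave the stream where the caller had it
    for mime, magics in SIGNATURES.items():
        if any(head.startswith(m) for m in magics):
            return mime
    return None


def verify_upload(fileobj, claimed_type, allowed=frozenset(SIGNATURES)):
    """Accept only if the claimed type is allowed AND the content matches it."""
    # The claimed value is user-supplied; normalise it and drop any parameters.
    claimed = (claimed_type or "").split(";")[0].strip().lower()
    if claimed not in allowed:
        return False
    return sniff_type(fileobj) == claimed


# Constructed sample data: a JPEG-like header, and the same bytes with the
# header removed (the situation described in the post).
GOOD_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
TAMPERED = GOOD_JPEG[11:]

if __name__ == "__main__":
    print(verify_upload(io.BytesIO(GOOD_JPEG), "image/jpeg"))  # content matches claim
    print(verify_upload(io.BytesIO(TAMPERED), "image/jpeg"))   # claim only, no JPEG header
```

A signature match only shows how the file begins; for images, fully decoding the file (for example with Pillow) is a stronger check.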