Let’s say we have an HTML form on a page that accepts files and other user input. The form has a POST method and multipart/form-data enctype.
Suppose we want to play with a form submit request, we fill the form and submit it, then we use the Resend on the request, change the data from some text field (change only one character to not affect Content-Length), then click Send.
And what we get as a result, the form payload was changed, the affected text field was received by the server with the expected changes, BUT, the uploaded file was also affected (!), uploaded png image became corrupted, which was definitely not expected.
See HEX diff between submitted png file with and without form data alteration using Resend feature:
It was noticed that only bytes 0xD (CR) are changed, they are replaced by 0xA (LF).
If the payload has not been changed, the Resend works fine, all data is transmitted as is. But it is worth changing one character, the data is distorted.
Needless to say, this behavior of the developer tool was very unexpected for me. The logical behavior would be for the form data to remain in its original form until it is changed directly, especially if binary data was used.
Do you think this can be fixed?