Cannot upload GLTF/GLB [update: font files, zip] to assets/project?

I’m not sure I understand how to upload assets to a project, I’ve tried uploading a gltf & glb via “Upload an Asset” in assets and “Upload a File” under New File.

When I try uploading https://api.glitch.com/v1/projects/ba9d6e52-6743-4421-8103-70470962d978/policy?contentType=model/gltf+json returns 400 with Invalid Content Type

same with https://api.glitch.com/v1/projects/ba9d6e52-6743-4421-8103-70470962d978/policy?contentType=model/gltf-binary

I reached out to support and they told me to use wget from the cdn citing some forum post, which didn’t appear relevant, as my understanding that uploading an asset uploads it to the cdn.

Any advice?

1 Like

currently facing the same issue, cannot upload a zip to assets

1 Like

Seems like some new update is blocking this, it’s strange that within a 2 month period there have 2 threads about this. The other change with the cdn is the move to from cdn.glitch.com to cdn.glitch.me which seems to be for security reasons (see this) so I’m guessing this is somehow related.

I managed to rename a pdf file and upload it to glitch’s cdn without problems. Is it possible for you to provide the file you are attempting to upload since the glitch server might be checking the contents of the file? Also do more common filetypes like txt, png, and jpg work fine?

1 Like

Uploading it as a .txt file bypasses their mimetype checking via the Upload file, didn’t work as an asset

Hi there, in efforts to combat abuse we are currently working on our asset upload file type policies. I’ve reported back to the team that gltf, glb and zip files aren’t working so those types can be added to our allow list. We apologize for the trouble here!

2 Likes

Hello, wondering if you’ve experienced problems uploading .woff or .woff2 fonts? My glitch projects won’t let me upload it to the assets and its weird cause I was always told this is the ideal font to be uploading.

1 Like

Hi there @fdsdfsdfd - can you email support@glitch.com (tell them Jenn sent you!) and attach the gltf and glb files you’re trying to upload - we want to test that those content types but the gltf file I have from another report has a different content type.

1 Like

I understand that with free projects and accounts, perhaps consider loosening your restrictions on paid customers? Also the way you’re checking assets are easily thwarted, so I’m not sure if this approach has much utility in defending against motivated abusers.

I won’t send the files, however they are exported from Blender.

Motivated enough abusers can exploit anything, honestly. Our work is on minimizing harm to the community and one part of that is preventing assets from being able to render malicious html and javascript. I will pass on your feedback re: Pro asset uploads, and also update in here when I believe you should be able to upload your Blender files. Thanks for flagging this issue, and if there are other Blender file types we should also allow, let me know!

I’m trying to upload a USDZ, PDF, and a GLB file to my assets folder. I get this error on top right of the page “File upload failed. Try again in a few minutes?”. Is there a recent change on supported formats for the assets folder? I was able to upload these formats before.
Note that I still can upload JPG and MP4.

1 Like

Hi @Motori

I am sorry that you cannot upload those types of content to assets at the moment!

Recently, we adjusted our CDN to improve site security. A side effect was that some content types are not being allowed at the moment. We are working to fix this. As soon as it is resolved, we will let you know via this thread which I am merging your post into.

2 Likes

yes, of course, however relying on MIME types and file extensions is not the way to address the problem, there is no inherent security properties in them. The current solution in this thread is to literally rename the file extension during upload, and then optionally rename it back once done.

If it’s for security purposes, you would need to parse the entire file or in the case of binaries check its headers, prior passing it onto your CDN.

Thanks for the feedback, I’ll pass it on to the team working on it!

1 Like

I’ve never been able to rename assets. can you describe how?

1 Like

Hi there (also @cybrejon, @dearnaomichan, @Motori) - appreciate your patience here, just wanted to let y’all know we deployed a fix so you should be able to upload these files to assets again. If you continue to have issues, file a ticket at help.glitch.com to let us know!

1 Like