Question on Foundation/Core Attachment Component

Question

Is there a way i can make an API call with file uploaded through attachment component ? As soon as the file is selected, i would like to trigger JS from my client libs to make an API call. Seems as per the design, the attachment ( which is unscanned for any potential malware) is uploaded into AEM. Is there a workaround ?

Thanks,

Abhishek

AmitVishwakarma · Accepted Answer

Hi ​@kolluax,OOTB: you can’t reliably delete the already-uploaded attachment immediately from the “temporary” location. The Attachment component uploads first by design; on scan failure you should clear the field / block submission, and the temp store (typically under /tmp/fd/...) is purged by a scheduled cleanup job.Only workaround: build a custom backend servlet (with a service user) to delete the specific JCR node/path you received from getFileAttachmentsInfo()—not an out-of-the-box supported feature.Thanks,Amit

AmitVishwakarma · Answer

Hi ​@kolluax,Yes – you can trigger your own JS and call an API when a file is attached, but you cannot stop the attachment component from uploading the file to AEM first. The attachment is uploaded to AEM’s temporary storage by design; your code can react after that.Try below solution:Add a clientlib and include it in the Adaptive Form (via AF container’s Client Library Category).In that clientlib, listen for the file‑attachment event and call your API:$(document).ready(function () {  guideBridge.on("elementValueChanged", function (event, data) {    // Replace fileAttachment with your field name    if (data.target.name === "fileAttachment") {      window.guideBridge.getFileAttachmentsInfo({        success: function (list) {          if (!list || !list.length) return;          var attachment = list[0];      // {name, path, size, contentType, ...}          var path = attachment.path;    // CRX path of uploaded file          // Call your scan/validation API with path or other metadata          $.getJSON("/bin/yourScanServlet?assetPath=" + encodeURIComponent(path),            function (result) {              if (!result.safe) {                // Clear attachment and show error if scan fails                var field = window.guideBridge.resolveNode("fileAttachment");                field.value = null;                alert("File failed security scan. Please upload a different file.");              }            }          );        }      });    }  });});This pattern (listen to elementValueChanged -> getFileAttachmentsInfo() -> call servlet) is the same as Adobe’s barcode example for file attachments.https://experienceleague.adobe.com/en/docs/experience-manager-learn/forms/document-services/barcode-service-adaptive-forms-articleSecurity implication:There is no supported way with the built‑in attachment component to avoid the initial upload to AEM entirely.To ensure all files are scanned before any downstream use, you should:run your scan in this API/servlet layer, andblock submission / clear the field when the scan fails.Thanks,Amit

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded