How can I check for file extension spoofing?

maitakiguch
Tera Contributor

I want to create a form for non-authenticated users in CSM and implement a feature to attach files there. Since it is impossible to achieve the file attachment feature for non-authenticated users with only CSM, I am considering a method to call an external API and store the files externally. When calling an external API, I want to check that the attached file extension is not disguised, by using a server-side script.

I want to be able to detect when file extensions are spoofed. For example, if someone uses RLO (Right-to-Left Override) to spoof the file extension. Does anyone have experience doing something like this? I think it might be possible to implement it by checking the MIME Type, but I don't know how to implement it.

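One way to implement the check asked about above, as an added example that is not part of the original post: reject file names containing bidirectional control characters such as RLO (U+202E), then confirm that the leading bytes of the content match the signature expected for the claimed extension. It is plain JavaScript with no platform APIs. The function names, the allow-list of extensions and the sample inputs are assumptions made for illustration.

```javascript
// Added example: names, allow-list and sample inputs are assumptions, not from the post.
// Bidi/invisible format characters that can visually reorder or hide part of a file name.
var BIDI_CONTROLS = /[\u200E\u200F\u202A-\u202E\u2066-\u2069\u061C]/;

// Allowed extensions mapped to the leading "magic" bytes the content must start with.
var SIGNATURES = {
  pdf:  [[0x25, 0x50, 0x44, 0x46, 0x2D]],                     // %PDF-
  png:  [[0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A]],
  jpg:  [[0xFF, 0xD8, 0xFF]],
  jpeg: [[0xFF, 0xD8, 0xFF]]
};

function startsWith(bytes, magic) {
  if (bytes.length < magic.length) return false;
  for (var i = 0; i < magic.length; i++) {
    if (bytes[i] !== magic[i]) return false;
  }
  return true;
}

// Returns { ok: boolean, reason: string }. bytes is an array-like of byte values.
function checkUpload(fileName, bytes) {
  if (typeof fileName !== 'string' || fileName.length === 0) {
    return { ok: false, reason: 'missing file name' };
  }
  if (BIDI_CONTROLS.test(fileName)) {
    return { ok: false, reason: 'bidi control character in file name' };
  }
  if (/[\u0000-\u001F\u007F\/\\]/.test(fileName)) {
    return { ok: false, reason: 'control or path character in file name' };
  }
  var dot = fileName.lastIndexOf('.');
  if (dot <= 0 || dot === fileName.length - 1) return { ok: false, reason: 'no extension' };
  var ext = fileName.slice(dot + 1).toLowerCase();
  if (!Object.prototype.hasOwnProperty.call(SIGNATURES, ext)) {
    return { ok: false, reason: 'extension not allowed' };
  }
  var magics = SIGNATURES[ext];
  for (var i = 0; i < magics.length; i++) {
    if (startsWith(bytes, magics[i])) return { ok: true, reason: 'ok' };
  }
  return { ok: false, reason: 'content does not match extension' };
}

// Constructed samples: an RLO-spoofed name, a PDF header, and an MZ executable header.
var SAMPLE_RLO_NAME = 'invoice\u202Efdp.exe';
var SAMPLE_PDF = [0x25, 0x50, 0x44, 0x46, 0x2D, 0x31, 0x2E, 0x37];
var SAMPLE_MZ = [0x4D, 0x5A, 0x90, 0x00];
```

A signature match only shows that the file starts like the claimed type, so the MIME type sent by the client should not be trusted in its place, and the stored file should still be treated as untrusted content.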