This is a report for safe-uploading files to Google Drive by HTML put in the external server using Google Apps Script.
When you want to make the user upload a file to your own Google Drive using the HTML put in the external server of Google side, when the file size is smaller than 50 MB, this can be achieved without using the access token. Ref (When the HTML is put in the internal server of Google side, you can also use
google.script.run.) But, when the file size is over 50 MB, it is required to upload the file with the resumable upload. In this case, the access token is required to be used. In this case that the user uploads to your own Google Drive, when the access token is used in the upload, it is considered that this is the weak point of the security. In this report, I would like to propose the method for safe-uploading files to Google Drive by HTML put in the external server using Google Apps Script. Please think of this as one of several methods.
The flow of this method is as follows.
When an user access to the Web Apps and select a file for uploading from the user’s local PC, the script of Web Apps is run.
Retrieve the access token and folder ID of destination folder (
tempfolder) to the client side.
Using the access token and folder ID, the file is uploaded with the resumable upload.
When the file upload is finished, at the Web Apps side, the uploaded file is copied to the specific folder (
destfolder) and the original file is removed. By this, the owner of the file is changed from the service account to your account. By this, the access token from the Web Apps cannot see the uploaded file.