I’m looking to test file upload support in Netlify Forms soon. According to the docs, my form handler will get a link to the uploaded form. Some questions on this:
- Is there a time limit on the file? Does it get auto cleaned ever?
- If it isn’t cleaned, is the developer expected to do anything at some point?
We don’t do any clean up any file uploads associated with form submissions. They just remain there indefinitely until you delete the submission itself.
Let me know if that addresses your question.
Interesting. So if I deployed a serverless function for my form that just emailed the details of the form, attached the file, and then forgot about it - in like a year or two is that going to be a problem? In other words, should developers be expected to process these files and not just leave them?
Hi, @cfjedimaster. If you are using Netlify Forms then we don’t automatically delete the submissions and you are required to do so if you want to avoid exceeding the the limits of Forms level 0.
Now, if on the other hand, you are actually creating a serverless function to handle form submissions and not using Netlify Forms at all, then there is no local storage persistence for Functions so there is nothing to delete.
In other words, the answer greatly depends on how the form is being implemented.
Are you creating a completely separate form handler using Functions and not using Netlify Forms at all? If so, there is nothing to process and no files need to be deleted.
Are you using Netlify Forms and using Functions to supplement the form handling? If so, then “yes” is the answer. You are required to log into the Netlify web app and delete form submissions you no longer want. This can also be done using API calls instead of using the web UI if you prefer to automate the form submissions deletion process.
Also, our support team can delete all the form submissions for you if you tell us the site and form name. (It is “all or nothing”, though, as we cannot delete only specific submissions.)
If you want to share more details about the implementation or if there are other questions we will be happy to discuss this in more detail.
Thanks, I think this makes sense. May I suggest that this be clarified in the docs? (Or if it is, I missed it.) Specifically that if using Netlify Forms and uploads, you are responsible for deleting the submissions (either via admin, API, or contacting support), to “clean up” those files?
You can suggest it but we don’t put everything in the docs intentionally - only the info that most people need to be successful in using the feature, which I think this is not part of . I do understand that you are curious so happy to dive into it, just think this doesn’t run into “something that very many people care about” territory, which is part of what drives those decisions. We will be happy to propose it for inclusion if you still feel it really needs to be there, but we don’t make the decisions about what makes the cut on the Support team…
Anyway, if you use our forms service I need to correct Luke’s statement: the files are NEVER deleted even if you delete the form submission. I don’t know how this factors into charges (at a guess you’d be charged for the total transfer amount in your billing cycle whether or not you delete the submissions, since we received and POST’ed that much data for you to our storage service, which is what cost we are trying to cover), but anyway, our submission and form deletion code does not seem to clean them up.
The URL you are sent is the only reference you’ll have to the data, and should you delete the submission and its notifications, we will not be able to provide the URL after the fact to you, so do keep track of it
Files: “I don’t know how this factors into charges” Is this something you can check? If there is no way to delete files, doesn’t that mean it’s unsafe to use this feature at all? I mean it makes sense to charge us for uploading and storing files, but it sounds like there is no way to remove those files and those charges… right? Or am I misunderstanding?
We charge for number of form submissions per month and MB uploaded (not stored) per month. We do not charge you for storing files submitted via forms, so you will not be charged again and again for the same stored file… unless you submit the file again and again.
As for deleting: to reiterate what @fool said above, the files in your form submissions are NEVER deleted even if you delete the form submission and/or form.
Ah cool - so basically - the developer worries about the amount of stuff per month, not the past, when it comes to figuring out what their cost is.
Hi @jen and @fool
Thanks for clarifying on how you handle file uploads.
However, I think found an issue regarding this.
Currently uploaded files seem to be indexed on Google, which may contain sensitive information. For example, if you search for site:d33wubrfki0l68.cloudfront.net inurl:pdf resume on Google, or click on this link https://www.google.com/search?q=site%3Ad33wubrfki0l68.cloudfront.net+inurl%3Apdf+resume there are a couple of PDF-files that probably not are intended to be found. If you modified the search, you can find a lot more files.
Is d33wubrfki0l68.cloudfront.net a Netlify “upload bucket”, where files may be indexed on search engines? (I tested uploading files, which was uploaded on this subdomain). I would like to avoid this for GDPR-reasons.
If this is true, it would be good if you could add the X-Robots-Tag: noindex in the header on all uploaded files, or perhaps allow files to be deleted.
Hey there, @ludde
Thanks so much for taking the time to share this feedback, we really appreciate it. We have shared it directly with our Engineering team.
Would love to get an update if something happens!