From 930f1667d3707bc8af5fc357874be1127c7d43c1 Mon Sep 17 00:00:00 2001
From: "Benjamin D." <benito103e@users.noreply.github.com>
Date: Wed, 16 Apr 2025 11:31:41 +0200
Subject: [PATCH] Highligh 'extensions' instead of 'mimeTypes' for File
 constraint

You should always use the extensions option instead of mimeTypes except if you explicitly don't want to check that the extension of the file is consistent with its content (this can be a security issue).

By default, the extensions option also checks the media type of the file.
---
 controller/upload_file.rst | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/controller/upload_file.rst b/controller/upload_file.rst
index b3dc2d6ffd0..425709be0d2 100644
--- a/controller/upload_file.rst
+++ b/controller/upload_file.rst
@@ -77,11 +77,8 @@ so Symfony doesn't try to get/set its value from the related entity::
                     'constraints' => [
                         new File([
                             'maxSize' => '1024k',
-                            'mimeTypes' => [
-                                'application/pdf',
-                                'application/x-pdf',
-                            ],
-                            'mimeTypesMessage' => 'Please upload a valid PDF document',
+                            'extensions' => ['pdf'],
+                            'extensionsMessage' => 'Please upload a valid PDF document',
                         ])
                     ],
                 ])