The server generates and returns an arbitrary token, which is usually a hash or some other fingerprint with the contents on the file. The browser won't must know the way the fingerprint is generated; it only needs to send out it on the server on the following request. In case https://geralds653sep4.wikipublicity.com/user