currently have tag csrf_exempt on handle_file function but should be removed for security
currently have tag csrf_exempt on handle_file function but should be removed for security