So normally for file upload, you should first fetch the destination URL from an API which will do session verification, and then use form data to upload that file on that URL. The upload should not require a session verification since the URL should be random.