The server generates and returns an arbitrary token, which is typically a hash or some other fingerprint in the contents with the file. The browser would not have to know how the fingerprint is generated; it only really should mail it towards the server on the next request. In the https://carderl344uii3.wikigdia.com/user