diff --git a/src/applications/files/conduit/FileInfoConduitAPIMethod.php b/src/applications/files/conduit/FileInfoConduitAPIMethod.php
index 4a5aa9cdce..d95b002b9a 100644
--- a/src/applications/files/conduit/FileInfoConduitAPIMethod.php
+++ b/src/applications/files/conduit/FileInfoConduitAPIMethod.php
@@ -1,64 +1,64 @@
 <?php
 
 final class FileInfoConduitAPIMethod extends FileConduitAPIMethod {
 
   public function getAPIMethodName() {
     return 'file.info';
   }
 
   public function getMethodDescription() {
     return 'Get information about a file.';
   }
 
   public function defineParamTypes() {
     return array(
       'phid' => 'optional phid',
       'id'   => 'optional id',
     );
   }
 
   public function defineReturnType() {
     return 'nonempty dict';
   }
 
   public function defineErrorTypes() {
     return array(
       'ERR-NOT-FOUND'     => 'No such file exists.',
     );
   }
 
   protected function execute(ConduitAPIRequest $request) {
     $phid = $request->getValue('phid');
     $id   = $request->getValue('id');
 
     $query = id(new PhabricatorFileQuery())
       ->setViewer($request->getUser());
     if ($id) {
       $query->withIDs(array($id));
     } else {
       $query->withPHIDs(array($phid));
     }
 
     $file = $query->executeOne();
 
     if (!$file) {
       throw new ConduitException('ERR-NOT-FOUND');
     }
 
-    $uri = $file->getBestURI();
+    $uri = $file->getInfoURI();
 
     return array(
       'id'            => $file->getID(),
       'phid'          => $file->getPHID(),
       'objectName'    => 'F'.$file->getID(),
       'name'          => $file->getName(),
       'mimeType'      => $file->getMimeType(),
       'byteSize'      => $file->getByteSize(),
       'authorPHID'    => $file->getAuthorPHID(),
       'dateCreated'   => $file->getDateCreated(),
       'dateModified'  => $file->getDateModified(),
       'uri'           => PhabricatorEnv::getProductionURI($uri),
     );
   }
 
 }
diff --git a/src/applications/files/conduit/FileUploadConduitAPIMethod.php b/src/applications/files/conduit/FileUploadConduitAPIMethod.php
index 389e314333..3601594dad 100644
--- a/src/applications/files/conduit/FileUploadConduitAPIMethod.php
+++ b/src/applications/files/conduit/FileUploadConduitAPIMethod.php
@@ -1,57 +1,54 @@
 <?php
 
 final class FileUploadConduitAPIMethod extends FileConduitAPIMethod {
 
   public function getAPIMethodName() {
     return 'file.upload';
   }
 
   public function getMethodDescription() {
     return 'Upload a file to the server.';
   }
 
   public function defineParamTypes() {
     return array(
       'data_base64' => 'required nonempty base64-bytes',
       'name' => 'optional string',
       'viewPolicy' => 'optional valid policy string or <phid>',
       'canCDN' => 'optional bool',
     );
   }
 
   public function defineReturnType() {
     return 'nonempty guid';
   }
 
   public function defineErrorTypes() {
     return array(
     );
   }
 
   protected function execute(ConduitAPIRequest $request) {
-    $data = $request->getValue('data_base64');
+    $viewer = $request->getUser();
+
     $name = $request->getValue('name');
     $can_cdn = $request->getValue('canCDN');
     $view_policy = $request->getValue('viewPolicy');
 
-    $user = $request->getUser();
-    $data = base64_decode($data, $strict = true);
-
-    if (!$view_policy) {
-      $view_policy = PhabricatorPolicies::getMostOpenPolicy();
-    }
+    $data = $request->getValue('data_base64');
+    $data = $this->decodeBase64($data);
 
     $file = PhabricatorFile::newFromFileData(
       $data,
       array(
         'name' => $name,
-        'authorPHID' => $user->getPHID(),
+        'authorPHID' => $viewer->getPHID(),
         'viewPolicy' => $view_policy,
         'canCDN' => $can_cdn,
         'isExplicitUpload' => true,
       ));
 
     return $file->getPHID();
   }
 
 }
diff --git a/src/applications/files/view/PhabricatorGlobalUploadTargetView.php b/src/applications/files/view/PhabricatorGlobalUploadTargetView.php
index 8bfe1d6089..815d2ce1cc 100644
--- a/src/applications/files/view/PhabricatorGlobalUploadTargetView.php
+++ b/src/applications/files/view/PhabricatorGlobalUploadTargetView.php
@@ -1,44 +1,51 @@
 <?php
 
 final class PhabricatorGlobalUploadTargetView extends AphrontView {
 
   private $showIfSupportedID;
 
   public function setShowIfSupportedID($show_if_supported_id) {
     $this->showIfSupportedID = $show_if_supported_id;
     return $this;
   }
 
   public function getShowIfSupportedID() {
     return $this->showIfSupportedID;
   }
 
   public function render() {
     $viewer = $this->getUser();
     if (!$viewer->isLoggedIn()) {
       return null;
     }
 
     $instructions_id = celerity_generate_unique_node_id();
 
     require_celerity_resource('global-drag-and-drop-css');
 
+    // Use the configured default view policy. Drag and drop uploads use
+    // a more restrictive view policy if we don't specify a policy explicitly,
+    // as the more restrictive policy is correct for most drop targets (like
+    // Pholio uploads and Remarkup text areas).
+
+    $view_policy = PhabricatorFile::initializeNewFile()->getViewPolicy();
+
     Javelin::initBehavior('global-drag-and-drop', array(
       'ifSupported' => $this->showIfSupportedID,
       'instructions' => $instructions_id,
       'uploadURI' => '/file/dropupload/',
       'browseURI' => '/file/query/authored/',
-      'viewPolicy' => PhabricatorPolicies::getMostOpenPolicy(),
+      'viewPolicy' => $view_policy,
       'chunkThreshold' => PhabricatorFileStorageEngine::getChunkThreshold(),
     ));
 
     return phutil_tag(
       'div',
       array(
         'id'    => $instructions_id,
         'class' => 'phabricator-global-upload-instructions',
         'style' => 'display: none;',
       ),
       pht("\xE2\x87\xAA Drop Files to Upload"));
   }
 }