S3, Fog, Figaro, Carrierwave: Excon::Errors::Forbidden (Expected(200) <=> Actual(403 Forbidden)

Question

I'm using Carrierwave/Fog/S3 with Figaro to upload images for a yelp-style site.

The entire site works beautifully locally, no problems. And on heroku, it works great, too, until I create a new restaurant with an image or try to update the image on an existing restaurant, and then I get this in my logs:

 Excon::Errors::Forbidden (Expected(200) <=> Actual(403 Forbidden)  

Here's my image_uploader.rb:

# encoding: utf-8

class ImageUploader < CarrierWave::Uploader::Base

  # Include RMagick or MiniMagick support:
  # include CarrierWave::RMagick
  include CarrierWave::MiniMagick

  # Choose what kind of storage to use for this uploader:
  if Rails.env.production?
    storage :fog
  else
    storage :file
  end

  # Override the directory where uploaded files will be stored.
  # This is a sensible default for uploaders that are meant to be mounted:
  def store_dir
    "uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
  end

  # Provide a default URL as a default if there hasn't been a file uploaded:
  # def default_url
  #   # For Rails 3.1+ asset pipeline compatibility:
  #   # ActionController::Base.helpers.asset_path("fallback/" + [version_name, "default.png"].compact.join('_'))
  #
  #   "/images/fallback/" + [version_name, "default.png"].compact.join('_')
  # end

  # Process files as they are uploaded:
  process :resize_to_fit => [200, 300]
  #
  # def scale(width, height)
  #   # do something
  # end

  # Create different versions of your uploaded files:
  # version :thumb do
  #   process :resize_to_fit => [50, 50]
  # end

  # Add a white list of extensions which are allowed to be uploaded.
  # For images you might use something like this:
  # def extension_white_list
  #   %w(jpg jpeg gif png)
  # end

  # Override the filename of the uploaded files:
  # Avoid using model.id or version_name here, see uploader/store.rb for details.
  # def filename
  #   "something.jpg" if original_filename
  # end

  end

Here's my _form.html.erb that's rendered in the update and new files:

<%= form_for(@restaurant, :html => {multipart: true}) do |f| %>
  <% if @restaurant.errors.any? %>
    <div id="error_explanation" class= "alert alert-danger alert-dismissable">
    <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
      <h4><%= pluralize(@restaurant.errors.count, "error") %> prohibited this restaurant from being saved:</h4>

      <ul>
      <% @restaurant.errors.full_messages.each do |message| %>
        <li><%= message %></li>
      <% end %>
      </ul>
    </div>
  <% end %>

 <div class="form-group">
    <%= f.label :name %><br>
    <%= f.text_field :name, class: "form-control", placeholder: "Panera Bread" %>
  </div>
  <div class="form-group">
    <%= f.label :address %><br>
    <%= f.text_field :address, class: "form-control", placeholder: "201 Brookline Avenue, Boston, MA 02215" %>
  </div>
  <div class="form-group">
    <%= f.label :phone %><br>
    <%= f.text_field :phone, class: "form-control", placeholder: "(617) 247-0174" %>
  </div>
  <div class="form-group">
    <%= f.label :website %><br>
    <%= f.text_field :website, class: "form-control", placeholder: "http://www.panerabread.com/" %>
  </div>
  <div class="form-group">
    <%= f.label :image %><br>
    <%= f.file_field :image, class: "form-control" %>
  </div>
  <div class="actions">
    <%= f.submit class: "btn btn-primary" %>
  </div>
<% end %>

I've checked the keys to make sure they're right. I added administrator access policies to my keys (per this question and this one ). I've checked the permissions and they're all good.

And so far, sleeping on it hasn't worked (per this question .)

Any ideas?

Thanks in advance!!

Answer 1

I could be way off but make sure you run "heroku run rake db:migrate" to make the database migration in production and after that make sure to run "heroku restart". I'm not sure this will be the answer to your problems, but the "heroku restart" helped me after struggling with this for a veeerrrrry long time.

Answer 2

I can see two potential reasons why you get 403 from AWS:

1. AWS not having the permissions set properly (but you already checked that and you were able to upload images from your machine, so that's less likely)
2. the data you're passing to AWS from heroku instance is wrong.

Could you attach a file where you set the S3 bucket name and keys? Did you try to run a Rails console and print out the values of the config? (you can run heroku run bash and after you connect to heroku dyno bundle exec rails console and, voila, you have access to your production server).

You also wrote that sometimes uploading images work, but not when creating a new restaurant or updating an existing one. What are those cases? It might be interesting to see what makes them so different (and working on heroku)?