stackoom
  简体   繁体   中英

Upload file to S3 direct from the browser using POST

 原文  2020-09-30 03:41:15       javascript/ amazon-web-services/ amazon-s3

Question

Similar to this question: Enabling POST/PUT/DELETE on AWS CloudFront?

I have setup a Cloudfront Distribution with an Origin Access Identity that has access to the S3 origin.

S3 has a CORS configuration that allows PUT, POST, GET, etc. from any Origin. Cloudfront is forwarding the Origin, Access-Control-Request-Headers & Access-Control-Request-Method headers to the S3 origin.

Using the Dropzone-js library I have configured a POST upload request to the Cloudfront endpoint.

Response: 405 Method Not Allowed

And the Response headers:

  • access-control-allow-methods HEAD, GET, PUT, POST
  • access-control-allow-origin *
  • allow HEAD, DELETE, GET, PUT
  • server AmazonS3
  • x-cache Error from cloudfront

If I switch the request method to 'PUT' the upload response is successful.

200 OK

  • x-cache: Miss from cloudfront
  • access-control-allow-methods HEAD, GET, PUT, POST

The mysterious ' allow ' header is now missing.

The file that ends up in S3 following the PUT request is not readable. I get an Access Denied error when trying to download it.

fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden

I'm not sure if S3 implicitly refuses POST requests. That would be fine, so long as PUT requests worked.

The CORS configuration: 

<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>HEAD</AllowedMethod>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedMethod>POST</AllowedMethod>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>

The Bucket Policy:

{
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity XXX"
            },
            "Action": [
                "s3:*",
                "s3:PutObject",
                "s3:GetObject",
                "s3:AbortMultipartUpload"
            ],
            "Resource": "arn:aws:s3:::example-bucket.net/*"
}

s3:* is to try and get it working for a start.

Why is POST not allowed to the S3 Origin? Why is the uploaded file corrupt/not readable?

I've also tried pre-signed URLs similar to method below, but face similar problems. POST is rejected, and PUT is AccessDenied. I tried this on multiple buckets. The only way it would work is with Public WRITE enabled. https://aws.amazon.com/blogs/media/deep-dive-into-cors-configs-on-aws-s3-how-to/

Edit: This issue is very similar, but appears to not be resolved. dropzone.js direct upload to S3 with content-type

1 answers

solution1
 0  2020-09-30 07:17:42

Why is POST not allowed to the S3 Origin?

POST requests for S3 origin in CloudFront with OAI are simply not supported .

From Using an OAI in Amazon S3 Regions that Support Only Signature Version 4 Authentication :

POST requests are not supported .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question direct upload string from browser to s3 without local file Amazon S3 direct file upload from client browser - private key disclosure Sending file direct from browser to S3 but changing file name Direct To S3 File Upload Django and Heroku Rails 6 Amazon S3 Error POST 403 (Forbidden) using s3_direct_upload gem Uploading to S3 from browser using signed upload URL fails XUL: Direct upload to S3 but without using a file-input element Trying to upload an image S3 via a signedUrl from a browser using fetch but the image is blank in s3 WebKitFormBoundary included in file payload on direct upload to s3 Upload files from browser to S3
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM