slim0 closed 3 months ago
After some debugging, we are now one step further: the 403 is tied to referer header being present (which we probably have no control over since Onyxia is web-based). Removing the referer header makes the request magically work.
I suspect you have some checks on aws:Referer somewhere in your s3 policies, probably applied when you activate public mode
Can I close this or is there something I should do on my end?
Hi @garronej, yes I think you can. We'll investigate a bit more on our side. Thx
Just to let you know that we succeeded in adding the following bucket policy and that it works now:
```json
{
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "*"},
    "Action": ["s3:GetObject", "s3:DeleteObject", "s3:PutObject"],
    "Condition": {
      "StringLike": {
        "aws:Referer": [ "https://my.domain/*" ]
      }
    }
  } ]
}
```
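A check that could be run on a policy like the one above, as an added example (not code from Onyxia or from the posters; all function names are hypothetical). It models the StringLike match on aws:Referer and flags Allow statements that grant write actions to any principal with the Referer header as their only condition, since that header is chosen by the client and is not a credential.

```python
import json
import re

# The policy posted above, copied as-is (it has no Resource element).
POLICY = json.loads("""
{"Statement": [{
  "Effect": "Allow",
  "Principal": {"AWS": "*"},
  "Action": ["s3:GetObject", "s3:DeleteObject", "s3:PutObject"],
  "Condition": {"StringLike": {"aws:Referer": ["https://my.domain/*"]}}
}]}
""")

WRITE_ACTIONS = {"s3:putobject", "s3:deleteobject", "s3:*", "*"}


def as_list(value):
    return value if isinstance(value, list) else [value]


def string_like(pattern, value):
    """StringLike semantics: '*' matches any run, '?' exactly one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.DOTALL) is not None


def referer_allows(stmt, referer):
    """True if the statement's aws:Referer condition accepts this header value."""
    patterns = []
    for key, val in stmt.get("Condition", {}).get("StringLike", {}).items():
        if key.lower() == "aws:referer":      # condition keys are case-insensitive
            patterns += as_list(val)
    if not patterns:
        return True                           # no Referer condition to satisfy
    # An absent header (referer is None) cannot satisfy the condition.
    return referer is not None and any(string_like(p, referer) for p in patterns)


def referer_gated_public_writes(policy):
    """Flag Allow statements open to any principal whose only gate is Referer."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        principal = stmt.get("Principal")
        public = principal == "*" or (
            isinstance(principal, dict) and "*" in as_list(principal.get("AWS", [])))
        writes = {a.lower() for a in as_list(stmt.get("Action", []))} & WRITE_ACTIONS
        keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if stmt.get("Effect") == "Allow" and public and writes and keys == {"aws:referer"}:
            findings.append((i, sorted(writes)))
    return findings
```

A finding here means the write permissions should also be tied to authenticated principals or signed requests; the Referer condition can stay as an extra filter.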
We have an openstack (swift) S3 bucket available. When it is configured as a private bucket, everything is working fine in onyxia. But as soon as it is defined as a public bucket, the test connection keeps working (as well as the listing of existing files), but we receive an HTTP 403 Forbidden error when trying to interact (PUT/POST, DELETE) with the bucket from the "My files" tab.
A bucket example has been configured in my account at your sspcloud instance if you want to impersonate my user account. (username: slyobard)
Tips: Within a Jupyter Notebook instance on the datalab, it seems that the minio client commands to PUT or DELETE files are working...
Regards.