search

nukulb / s3-angular-file-upload

Example of S3 file upload using ng-file-upload, angular, nodejs
MIT License
135 stars 34 forks source link

CORS problem #11

Open rodrigoreis22 opened 10 years ago

rodrigoreis22 commented 10 years ago

Hi,

I configured both permissions and CORS as oriented on the documentation.. but I still get the error:

"XMLHttpRequest cannot load https://[bucket name suppressed here].s3.amazonaws.com/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access."

Any ideas?

rodrigoreis22 commented 10 years ago

I solved this by adding the following policy:

{ "Version": "2008-10-17", "Id": "Policy1410316754092", "Statement": [ { "Sid": "Stmt1410316750357", "Effect": "Allow", "Principal": { "AWS": "" }, "Action": [ "s3:GetObject", "s3:PutObject" ], "Resource": "arn:aws:s3:::[bucket name here]/" } ] }

Granting access to Everyone on the permissions checkboxes didn't work.

nukulb commented 10 years ago

@rodrigoreis22 you are getting this error despite adding the cors file? Can you explain once how you added it?

    <?xml version="1.0" encoding="UTF-8"?>
      <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
          <CORSRule>
              <AllowedOrigin>*</AllowedOrigin>
              <AllowedMethod>GET</AllowedMethod>
              <AllowedMethod>POST</AllowedMethod>
              <AllowedMethod>PUT</AllowedMethod>
              <AllowedHeader>*</AllowedHeader>
          </CORSRule>
      </CORSConfiguration>
rodrigoreis22 commented 10 years ago

I added the CORS configuration on the Edit CORS policy button.. and I created a new row in permissions grating to "Everyone" permission to the bucket. But it didn't work. It only worked when I added the security policy above on the bucket.

nukulb commented 10 years ago

I can't seem to reproduce this, can I get a screenshot of the edit Cors Configuration, are you sure it was saved properly?

Can you remove the policy you added and then simply add crossdomain.xml file in the root of the bucket?

Put the following content in your crossdomain.xml in the root of your S3 bucket.

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
    <allow-access-from domain="*" secure="false" />
</cross-domain-policy>
rodrigoreis22 commented 10 years ago

I did something different instead, more secure I think: I created an IAM user called fileuploader and this user will only have permissions to the bucked I defined. And on the bucket I created a policy granting Put access only to the fileuploader user. And I changed my CORS to be more restrict.

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>http://myhost.com</AllowedOrigin>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <ExposeHeader>x-amz-server-side-encryption</ExposeHeader>
        <ExposeHeader>x-amz-request-id</ExposeHeader>
        <ExposeHeader>x-amz-id-2</ExposeHeader>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

Security policy:

{
    "Version": "2008-10-17",
    "Id": "Policy14105765660",
    "Statement": [
        {
            "Sid": "Stmt14105765609",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::[iam user id]:user/fileuploader"
            },
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::[your bucket name]/*"
        }
    ]
}