Open kusold opened 7 years ago
Further research leads me to believe that the official ruby SDK might be handling x-aml-acl
differently then other libraries because it hoists the property to a query parameter ( https://github.com/aws/aws-sdk-ruby/issues/874 ). There is currently a feature request here: https://github.com/aws/aws-sdk-ruby/commit/17a8b419cc85733a99a8edd5fea06e29dd0caa3f
For fellow googlers, here's a quick workaround. Pass the uploadRequestHeaders
prop with {}
, and you'll get no headers attached to the request.
For Python devs using Boto3, there is a sample to generate presigned urls in the documentation, but note that the ClientMethod correlates to methods in the S3.Client library. You'll want to use the put_object string, and include the ACL parameter in the Params object. Hope that saves someone a bunch of time.
@tmorton dude thanks for doing my life easier
@tmorton what if I need to send something in the header? The moment I pass an option to uploadRequestHeaders
, it starts throwing 403 forbidden error. Any workaround?
@iamrahulroy I haven't looked at this in a while. I'm guessing you will need to fork this project, and remove the x-amz-acl
header, or sign it.
For fellow googlers, here's a quick workaround. Pass the
uploadRequestHeaders
prop with{}
, and you'll get no headers attached to the request.
I guess in this way it won't be publicly accessible. Right?
I had an issue where all of my requests were coming back with this:
My presigner uses the official ruby aws SDK:
And it outputs this string:
https://foo-dev.s3.amazonaws.com/something_private/my_filename?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=MyCredentials%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20170118T190154Z&X-Amz-Expires=900&X-Amz-SignedHeaders=host&x-amz-acl=public-read&X-Amz-Signature=MySignature
And here is my react component.
getSignedPeopleTargeting
calls a route that ends up returning the value frompresign_foo
.Eventually I tracked this down to a line in the s3-uploader that adds the header: https://github.com/odysseyscience/react-s3-uploader/blob/7a26ebc3d0cbfbf3bfb9bec2d0cb28bf147e8b95/s3upload.js#L160
I believe that this header is not needed as I can control the acl in my presign function (tested by making it private). Because all the presigner examples set the acl, can this line be removed? Alternatively, can the
if
statement be changed to:typeof this.uploadRequestHeaders === 'undefined'
?