search

transloadit / uppy

The next open source file uploader for web browsers :dog:
https://uppy.io
MIT License
29.14k stars 2.01k forks source link

STS client side signing with accelerated endpoint #4822

Open mifi opened 10 months ago

mifi commented 10 months ago

Initial checklist

Problem

https://github.com/transloadit/uppy/issues/4809#issuecomment-1851867949

Solution

allow client side signing also using accelerated endpoint also with STS

Alternatives

just say that we don't support that

movy commented 10 months ago

Thanks for this issue. I was mulling over the meaning behind getTemporarySecurityCredentials as it's not instantly obvious from the docs for those who are new to S3/STS business, now thanks to this and prev issue, its meaning is clear now.

As a temporary fix, I've set getTemporarySecurityCredentials: false in our uppy setup and everything works as expected now.

Another issue that was fixed along the way was uploads stalling in Chrome on MacOS after first chunk was sent, note the second (pending) request, it hangs forever:

image

(hangs only with getTemporarySecurityCredentials: true).

No issues in Safari or Firefox. I see no connection here, maybe we can investigate further later.

I also had to add POST to allowed methods in S3 CORS configuration, as it was not listed on docs page (https://uppy.io/docs/aws-s3-multipart/#setting-up-your-s3-bucket), but without this my browser could not start uploads due to a CORS error.

Either way, thanks for your help with this!

Murderlon commented 10 months ago

@aduh95 seems like we are sending a duplicate request in s3-multipart which never resolves.

stephenhuh commented 4 months ago

any updates on this one? while presigning can work, it just introduces too much network overhead (and cost)