presigned URLs require redirect, breaking CORS
See original GitHub issueI am trying to implement a direct upload feature for a website. On the backend I generate a presigned URL so I can do the upload from the browser:
bucket = self.request.registry.settings['s3.media.bucket']
client = boto3.client('s3')
url = client.generate_presigned_url('put_object',
Params={
'Bucket': bucket,
'Key': '%s/%s' % (data['category'], data['key']),
'ACL': 'public-read',
'ContentType': data['content_type'],
},
ExpiresIn=300,
HttpMethod='PUT')
The resulting URL follows the standard naming pattern of https://<bucket>.s3.amazonaws.com/<path>. When I try to do the file upload from a browser the browser will first issue a CORS pre-flight OPTIONS request. This results in a 307 temporary redirect from AWS to https://<bucket>.*<region>*.amazonwas.com/<path>
. Since redirects for CORS requests are not allowed the browser immediately aborts the request.
Is there a way to generate a URL that will not result in a redirect using boto3?
Issue Analytics
- State:
- Created 8 years ago
- Comments:10 (2 by maintainers)
Top Results From Across the Web
How to solve CORS problems when redirecting to S3 signed ...
First, there is a request to the backend, asking to sign an S3 URL. Then a separate request is sent to the bucket...
Read more >Deep dive into CORS configs on Amazon S3 | AWS Media Blog
This function returns a presigned URL which can be used in a subsequent POST to upload a file to Amazon S3.
Read more >CORS. Presigned URL. S3 - Stack Overflow
CORS is a browser mechanism that prevents site A from making requests to site B (that's your bucket) unless site B agrees to...
Read more >Working with S3 pre-signed URLs - Altostra
S3 pre-signed URLs grant temporary access to objects in AWS S3 buckets without the need to grant explicit permissions.
Read more >S3 – Connection Aborted / Broken Pipe when uploading to ...
If I use the same code above to generate presigned URLs for any other bucket with a variety of ACL rules / CORS...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
I am using AWS sdk for uploads, after spending some time searching online i stumbled upon this thread. thanks to @lsimoneau 45581857 its turns out the exact same thing was happening. I simply pointed my request Url to the region on my bucket by attaching the region property and it worked.
const s3 = new AWS.S3({ accessKeyId: config.awsAccessKeyID, secretAccessKey: config.awsSecretAccessKey, region: ‘eu-west-2’ // add region here });
@Chronial In that case, you should either sign the request with sigv4 or remove that function from event handler. I’ll include this use case in #425 since it’s a bit of a gotcha. For now, here’s how to use sigv4: