Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

presigned URLs require redirect, breaking CORS

See original GitHub issue

I am trying to implement a direct upload feature for a website. On the backend I generate a presigned URL so I can do the upload from the browser:

bucket = self.request.registry.settings['s3.media.bucket']
client = boto3.client('s3')
url = client.generate_presigned_url('put_object',
    Params={
        'Bucket': bucket,
        'Key': '%s/%s' % (data['category'], data['key']),
        'ACL': 'public-read',
        'ContentType': data['content_type'],
    },
    ExpiresIn=300,
    HttpMethod='PUT')

The resulting URL follows the standard naming pattern of https://<bucket>.s3.amazonaws.com/<path>. When I try to do the file upload from a browser the browser will first issue a CORS pre-flight OPTIONS request. This results in a 307 temporary redirect from AWS to https://<bucket>.*<region>*.amazonwas.com/<path>. Since redirects for CORS requests are not allowed the browser immediately aborts the request.

Is there a way to generate a URL that will not result in a redirect using boto3?

Issue Analytics

  • State:closed
  • Created 8 years ago
  • Comments:10 (2 by maintainers)

github_iconTop GitHub Comments

3reactions
DavyCodecommented, Sep 7, 2018

I am using AWS sdk for uploads, after spending some time searching online i stumbled upon this thread. thanks to @lsimoneau 45581857 its turns out the exact same thing was happening. I simply pointed my request Url to the region on my bucket by attaching the region property and it worked.

const s3 = new AWS.S3({ accessKeyId: config.awsAccessKeyID, secretAccessKey: config.awsSecretAccessKey, region: ‘eu-west-2’ // add region here });

2reactions
JordonPhillipscommented, Jan 13, 2016

@Chronial In that case, you should either sign the request with sigv4 or remove that function from event handler. I’ll include this use case in #425 since it’s a bit of a gotcha. For now, here’s how to use sigv4:

import boto3
from botocore.client import Config

s3 = boto3.client('s3', 'us-west-2', config=Config(signature_version='s3v4'))
s3.generate_presigned_url('list_buckets')
u'https://s3-us-west-2.amazonaws.com/?~~etc~~~'
Read more comments on GitHub >

github_iconTop Results From Across the Web

How to solve CORS problems when redirecting to S3 signed ...
First, there is a request to the backend, asking to sign an S3 URL. Then a separate request is sent to the bucket...
Read more >
Deep dive into CORS configs on Amazon S3 | AWS Media Blog
This function returns a presigned URL which can be used in a subsequent POST to upload a file to Amazon S3.
Read more >
CORS. Presigned URL. S3 - Stack Overflow
CORS is a browser mechanism that prevents site A from making requests to site B (that's your bucket) unless site B agrees to...
Read more >
Working with S3 pre-signed URLs - Altostra
S3 pre-signed URLs grant temporary access to objects in AWS S3 buckets without the need to grant explicit permissions.
Read more >
S3 – Connection Aborted / Broken Pipe when uploading to ...
If I use the same code above to generate presigned URLs for any other bucket with a variety of ACL rules / CORS...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

How to Use botocore.response.StreamingBody as stdin PIPE

Next page

Very slow boto3.client.put_object