Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

A way to pass credentials for upload using `aws-s3` plugin

See original GitHub issue

I’m sorry to open an issue because I’m sorry to disturb the authors of a splendid project like this.

However, after having searched for a long time among the issues, I did not find what I was looking for and I think it is necessary.

I’m using @uppy/aws-s3 with a server-side implementation that based on business rules sometimes presigns towards AWS servers and other times towards other servers on which you have to be authenticated to upload.

And authentication takes place via cookies which in the current implementation I cannot send.

The code I am using is:

const uppy = new Uppy().use(AwsS3, {
  async getUploadParameters(file) {
    return await fetch("https://server/sign", { credentials: "include" })
      .then((response) => response.json())
      .then((data) => {
        return {
          method: data.method,
          url: data.url,
        };
      });
  },
});

It would be amazing to have something like this:

.then((data) => {
  return {
    method: data.method,
    url: data.url,
    credentials: data.credentials // can be the canonical "same-origin", "include" etc.
  };
});

Is there another way to solve this?

Again, thank you for your amazing work!

Issue Analytics

State:
Created 2 years ago
Comments:6 (1 by maintainers)

Top GitHub Comments

1reaction

mificommented, Jan 3, 2022

Thanks for discussing this with us. I have discussed with the team, and because this seems to be only used for your particular server implementation, and cookies is not something used by any other popular S3 implementations, we unfortunately think that this is not something that we are going to support. Maybe you can rewrite your server implementation to use signing instead of cookies to verify the operations, like S3 does?

If it turns out that cookies are indeed used by popular S3-like implementations, then I’m open for revisiting this, but closing for now.

0reactions

frederikhorscommented, Dec 11, 2021

You understood everything correctly. In this case the s3-like endpoints are always mine and I need to pass the credentials.

I think an option like withCredentials on @uppy/xhr-upload is not a big “protocol violation” anyway.