In particular, the problem is with image and "Content-Type: image/png".
I tried to upload image of .png type using different approaches:
"upload" using Admin Console for S3 with default upload options;
"upload" using Admin Console for S3 with explicit setting of content
type in meta data details;
using https://github.com/pkgcloud library
All three save content with proper metadata, as displayed:
.
However, if you try to access it via S3 http link, "Content-Type" is not set.
There is a workaround, which does not seem to work always though: open Admin Console for S3 and press "Save".
Does it look like an issue with S3 metadata, or should something additional be done to make Metadata be properly added to response?
p.s. cross-posted here as well: https://forums.aws.amazon.com/thread.jspa?threadID=195391&tstart=0
Related
I want to build an HLS streaming server using Signed Cookie.
The video file is video/test.m3u8 on the S3 bucket.
If s3ObjectKey is set to vides/* as in the picture, the file is not downloaded. Access Denied comes out.
If s3ObjectKey is set to vidos/test.m3u8, the file is downloaded.
I want to access all the files in the 'video' folder.
If it's not vidoes/*, I want to know how to set up to access all files.
There is no signed cookie example on ps. aws docunet.
It seems like you're using CookiesForCannedPolicy in AWS SDK for Java. Since canned policy doesn't support reusing the same policy statement for multiple files, I'll suggest that you can look into CookiesForCustomPolicy which allows you to put * in the resource prop and give the permission to access all files in a directory.
For more details on custom policy, you can refer to this developer guide
I am building an app which lets users upload pictures and share it with his/her friends only.
I am using spring restful services to upload content directly to s3.
The user is authorized using OAuth.
To upload an image an authorized user's js client invokes POST /images/{userid}
To download the image, the client has to invoke GET /images/{userid}/{imageid}
Each user's content is stored in s3 under his own folder name, and the downloading service as explained in point 4 is the one that has to be invoked. Unfortunately, this means I cannot assign this url as source to an image tag <img src="">, because the authorization token should be sent on GET request. I cannot make the contents of user folder public because only user and his friends are allowed to see the images. The current service will soon become a bottleneck and I would like to avoid that.
What is the recommended architecture/design to solve this problem?
Instead of having a service that loads and returns the entire image file from S3, you should have a service that simply generates an S3 presigned URL. Then the URL retrieved from that service can be used in the <img src=""> tags on your site. This will be much more performant since the web browser will ultimately download the image directly from S3, while also still being secure.
The flow for downloading the images would be like this
User invokes GET request to download image
At Server End
Authenticate user
Query DB for metadata
Create a time based auth token.
Create a image URL(S3 based) and append auth token created in previous step
At the client end(User browser) redirect user to new URL(this url is effectively S3 location+auth token )
Now direct request will comes at the server( image URL+ auth token)
authenticate the token and then show image to user
Above URL will not be valid for long time , but your images are secured. As auth token is time based it will cater your case like if some one make the image private/public remove a friend.Deleted images , Copy paste of image url etc ..
I've got a Django Rest API and a React Native app. I'd like to upload some files to my s3 bucket from my app.
I could do this :
User would like to upload an image --> GET my_api/s3/credentials/
App --> POST image directly to s3 using credentials (access/private keys)
The problem is that once the user has the accessKey and privateKey, he can use it indefinitely.
Is there a way to retrieve temporary credentials I could give to the user after a call on my_api/s3/credentials/ ?
I've found an answer. It is possible to generate from server side a temporary URL to POST your content.
details here
I'm writing app that handles large files upload (eg. 10GB). I want to use direct upload to S3 (pre-signed URL) and give that possibility for my web users. My steps are:
I'm creating IAM user with only "PUT" permission
I'm creating upload policy on the server side (and putting there information about max file size, file content type and policy expiration time (eg. 3 hours)
Web user is uploading the file using html form with that policy and pre-signed URL.
I'm checking the file headers on a server side after succesfull upload.
Now, I'm wondering about downsides and security issues of this approach. There are any?
Thank you.
I want to use S3 to store user uploaded excel files - obviously I only want that S3 file to be accessible by that user.
Right now my application accomplishes this by checking if the user is correct, then hitting the URL https://s3.amazonaws.com/datasets.mysite.com/1243 via AJAX. I can use CORS to allow this AJAX only from https://www.mysite.com.
However if you just type https://s3.amazonaws.com/datasets.mysite.com/1243 into the browser, you can get any file :P
How do I stop S3 from serving files directly, and only enable it to be served via ajax (where I already control access with CORS)?
It is not about AJAX or not, it is about permissions and authorization.
First, your buckets should be private unlike their current state which is world visible.
Then in order for your users to connect, you create a temporary download link which in AWS world called S3 Pre-signed Request.
You generate them in your back-end, here is a java sample
Enjoy,
R