Jason McCarrell February 2016

s3 failing on preflight even with cors all methods and origins

I don't understand... it seems simple, yet it fails on the options call for the put request. "Response for preflight is invalid"

S3 CORS:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedMethod>POST</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

The url:

http://localhost:9002/api/sign_s3?file_name=wCyQZgrKIS24oR4MV4hdPP-UXDNQ6P9MvOj6DRMPcJU.jpg&file_type=image/jpeg

The url to s3 (keys removed):

https://jayehtest.s3.amazonaws.com/wCyQZgrKIS24oR4MV4hdPP-UXDNQ6P9MvOj6DRMPcJU.jpg?AWSAccessKeyId=xxx&Content-Type=image%2Fjpeg&Expires=1454923884&Signature=xxx&x-amz-acl=public-read

The code to generate the put:

    Aws.config.update({accessKeyId: process.env.AWS_ACCESS_KEY, secretAccessKey: process.env.AWS_SECRET_KEY});
    var s3 = new Aws.S3();
    var s3_params = {
        Bucket: process.env.S3_BUCKET,
        Key: req.query.file_name,
        //Expires: 120,
        //ContentType:  req.query.file_type,
        ContentType: "multipart/form-data",
        ACL: 'public-read-write',
    };
    s3.getSignedUrl('putObject', s3_params, function(err, data){
        console.log('got signed url!');
        if(err)
            res.status(500).json({error: err});
        else
            res.status(200).json({
                signed_request: data,
                url: 'https://'+process.env.S3_BUCKET+'.s3.amazonaws.com/'+req.query.file_name
            });
    });

The code to make the put request:

          

Answers


Jason McCarrell February 2016

There are so many stupid layers to S3, but I needed to get a few things perfect:

  1. the headers needed to match exactly. Content-Type needed to be character for character the same.

  2. x-amz-acl and ACL on node need to both be set to at least public-read

  3. You need to generate a bucket policy in s3 that gives permission to your ACCESS_KEY

  4. It needs to be a PUT request [but this is something that I resolved quickly]

Notes: I created an IAM user, but then didn't use it. The IAM user didn't even work. It works fine with the public keys.

Post Status

Asked in February 2016
Viewed 1,091 times
Voted 9
Answered 1 times

Search




Leave an answer