Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue with acl in policy #2

Open
jxxcarlson opened this issue Mar 29, 2018 · 1 comment
Open

Issue with acl in policy #2

jxxcarlson opened this issue Mar 29, 2018 · 1 comment

Comments

@jxxcarlson
Copy link

Hi!

First of all, thanks so much for updating to AWS v4.

I'm getting the error message below, which has to do acl: "public_read".

I've tried both

credentials = %S3DirectUpload{file_name: filename, mimetype: mimetype, path: "/jxx", acl: "public-read"}
      |> S3DirectUpload.presigned

and

credentials = %S3DirectUpload{file_name: filename, mimetype: mimetype, path: "/jxx"}
      |> S3DirectUpload.presigned

with the same results.

Thanks so much in advance!

ERROR: BadStatus { status = { code = 403, message = "Forbidden" }, headers = Dict.fromList [("Content-Type","application/xml"),("x-amz-id-2","B1606...B5YP0="),("x-amz-request-id","DB7E7F348091C13B")], url = "https://noteimages.s3.amazonaws.com/", body = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code><Message>Invalid according to Policy: Policy Condition failed: [\"eq\", \"$acl\", \"public-read\"]</Message><RequestId>DB7E7F348091C13B</RequestId><HostId>B1606y6Ok6yGc4E/cg5VEUWcN2E5h1BKyQsWaeEykYMd9R2ffOf+JDVzDiARYubCik/H1gB5YP0=</HostId></Error>" }
@akappen
Copy link
Owner

akappen commented Jul 30, 2018

Sorry for taking so long to get to this issue.

I am having trouble reproducing your error in my application, can you provide any additional details?

I tried using the default ACL:

%S3DirectUpload{file_name: file_name, mimetype: mimetype, path: path}

Which resulted in this struct:

%S3DirectUpload{
  acl: "public-read",
  file_name: "widget.jpg",
  mimetype: "image/jpeg",
  path: "tasks/440/7956556b-2649-4495-bfcb-65bcf0997e30"
}

And I tried specifying the ACL as "public-read":

%S3DirectUpload{file_name: file_name, mimetype: mimetype, path: path, acl: "public-read"}

Which resulted in this struct:

%S3DirectUpload{
  acl: "public-read",
  file_name: "widget.jpg",
  mimetype: "image/jpeg",
  path: "tasks/440/3f835134-6d14-45cd-85c3-b5661a15b7d1"
}

Both of these uploads were accepted by S3 in my application. I also tried adding a beginning slash on the path, the only other obvious difference, but that also worked for me.

Maybe there is something different in the client code doing the upload from the browser? Are you using a form or are you submitting the upload using javascript? Does the form's hidden input value for "acl" match the one in the pre-signed credentials?

Is the configured bucket already created in S3? Maybe there is a difference in how your S3 bucket is configured (Access Control List, Bucket Policy, CORS Configuration)?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@akappen @jxxcarlson