Reputation: 63627
I want to use S3 to store user uploaded excel files - obviously I only want that S3 file to be accessible by that user.
Right now my application accomplishes this by checking if the user is correct, then hitting the URL https://s3.amazonaws.com/datasets.mysite.com/1243 via AJAX. I can use CORS to allow this AJAX only from https://www.mysite.com.
However if you just type https://s3.amazonaws.com/datasets.mysite.com/1243 into the browser, you can get any file :P
How do I stop S3 from serving files directly, and only enable it to be served via ajax (where I already control access with CORS)?
Upvotes: 0
Views: 294
Reputation: 1145
It is not about AJAX or not, it is about permissions and authorization.
First, your buckets should be private, unlike their current state, which is world-visible.
Then, in order for your users to connect, you create a temporary download link, which in the AWS world is called an S3 Pre-signed Request.
You generate them in your back-end; here is a Java sample
Enjoy, R
Upvotes: 1
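The flow the answer describes (authorize the user in the back-end, then mint a short-lived pre-signed URL that the browser can fetch directly), as an added Python example rather than the answerer's Java sample. It hand-rolls the SigV4 query-string signing for a path-style `us-east-1` URL using only the standard library; the bucket name, dataset ids, ownership table and credentials are constructed placeholders, and only `host` is signed so CORS or referer checks play no part in the access decision.

```python
import datetime as dt
import hashlib
import hmac
from urllib.parse import quote

# Constructed ownership table standing in for the application's database:
# dataset id -> user id allowed to download it.
DATASET_OWNERS = {"1243": "alice", "1244": "bob"}

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign_get(bucket, key, access_key, secret_key, expires, now=None):
    """Build a SigV4 query-string pre-signed GET URL (path-style, us-east-1).

    Only a holder of secret_key can produce a valid signature, so the URL
    itself is the credential; S3 rejects it after `expires` seconds.
    """
    now = now or dt.datetime.now(dt.timezone.utc)
    amz_date, date = now.strftime("%Y%m%dT%H%M%SZ"), now.strftime("%Y%m%d")
    host, region = "s3.amazonaws.com", "us-east-1"  # assumed region/endpoint
    scope = f"{date}/{region}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    # Canonical query string: sorted, every byte outside the unreserved set encoded.
    qs = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in sorted(params.items()))
    uri = quote(f"/{bucket}/{key}", safe="/")
    canonical_request = "\n".join(["GET", uri, qs, f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"])
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canonical_request.encode()).hexdigest()])
    signing_key = _hmac(_hmac(_hmac(_hmac(("AWS4" + secret_key).encode(), date),
                                    region), "s3"), "aws4_request")
    signature = hmac.new(signing_key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{uri}?{qs}&X-Amz-Signature={signature}"

def issue_download_link(requesting_user, dataset_id, access_key, secret_key, now=None):
    """Authorize first, then sign: a non-owner never receives a usable URL."""
    if DATASET_OWNERS.get(dataset_id) != requesting_user:
        raise PermissionError(f"{requesting_user} may not read dataset {dataset_id}")
    return presign_get("datasets.mysite.com", dataset_id, access_key, secret_key,
                       expires=300, now=now)  # 5-minute lifetime (assumed policy)
```

With the bucket private, the bare URL from the question returns AccessDenied; only links minted by `issue_download_link` work, and each one stops working after five minutes.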