CODEWITHSUNDEEP
amazon-web-servicesamazon-s3
gordyr
gordyr

Reputation: 6276

How can I set S3 putObject options when using signed URL's to upload files from the client

I am using signed urls to upload files directly from the client straight into my S3 bucket. To do this I perform a direct put request to upload the file itself after having creating a signed URL of the command I want to perform.

I create the signed url like so:

      $command = $s3->getCommand('PutObject', array(
                    'Bucket' => $this->_bucket,
                    'Key' => $key,
                    'ACL' => 'public-read',
                    'CacheControl' => 'max-age=0',
                    'ContentEncoding' => 'gzip',
                    'ContentType' => $filetype,
                    'Body' => '',
                    'ContentMD5' => false
                ));


 $signedUrl = $command->createPresignedUrl('+6 hours');

However, after then performing the put request and uploading the file itself the Cache-Control and Content-Encoding headers are not set.

Does anyone have any idea where I am going wrong?

Upvotes: 2

Views: 1269

Answers (1)

Michael - sqlbot
Michael - sqlbot

Reputation: 179194

The headers still have to be set in the PUT request. Including them in the signed url isn't sufficient.

The pre-signed URL only serves to ensure that the actual request parameters match the authorized request parameters (otherwise the request fails).

So, if what I am saying is correct, then if these parameters aren't being sent with the request, it should fail, right? Almost.

Unfortunately, V2 authentication does not validate all request headers, such as Content-Encoding for example:

Note how only the Content-Type and Content-MD5 HTTP entity headers appear in the StringToSign. The other Content-* entity headers do not.

http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html

The same is true for Cache-Control. Only x-amz-* headers are subject to validation against the signature provided in V2 (which uses &Signature= in the Query string).

V4 auth (which, by contrast, uses &X-Amz-Signature= in the query string) contains a mechanism allowing you to specify which headers need validation against the signature, but in either case, you have to send the headers with the actual request itself, not just include them in the signature. It appears that you aren't, and that's why they are not set.

Upvotes: 2

Related Questions