Reputation: 4187
Google storage with signed url
How to upload file with content-type mutlipart/formdata ---boundaryString
using signed url of google storage ?
The problem i am facing is when we use browser to upload a file the browser puts the content type of mutlipart/formdata ---boundaryString where boundaryString is a dynamic part of the content-type header value.
Now since the google signing method require content-type to be a part of signature. Generating a signed url became impossible.
Upvotes: 3
Views: 2698
Answers (1)
Reputation: 38399
For uploading using a form on the web, GCS provides an alternative to a regular signed URL called a "policy document." A policy document is a signed upload policy filled with a description of what sorts of uploads are and are not okay and are included as one of the parameters of your form post.
See https://cloud.google.com/storage/docs/xml-api/post-object#policydocument for details.
So, for example, an HTML form that allowed uploads would look like this:
<form action="http://travel-maps.storage.googleapis.com"
method="post"
enctype="multipart/form-data">
<input type="text" name="key" value="">
<input type="hidden" name="bucket" value="travel-maps">
<input type="hidden" name="Content-Type" value="image/jpeg">
<input type="hidden" name="GoogleAccessId" value="[email protected]">
<input type="hidden" name="acl" value="bucket-owner-read">
<input type="hidden" name="success_action_redirect" value="http://www.example.com/success_notification.html">
<input type="hidden" name="policy" value="eyJleHBpcmF0aW9uIjogIjIwMTAtMDYtMTZUMTE6MTE6MTFaIiwNCiAiY29uZGl0aW9ucyI6IFsNCiAgWyJzdGFydHMtd2l0aCIsICJrZXkiLCAiIiBdLA0KICB7ImFjbCI6ICJidWNrZXQtb3duZXItcmVhZCIgfSwNCiAgeyJidWNrZXQiOiAidHJhdmVsLW1hcHMifSwNCiAgeyJzdWNjZXNzX2FjdGlvbl9yZWRpcmVjdCI6ICJodHRwOi8vd3d3LmV4YW1wbGUuY29tL3N1Y2Nlc3Nfbm90aWZpY2F0aW9uLmh0bWwiIH0sDQogIFsiZXEiLCAiQ29udGVudC1UeXBlIiwgImltYWdlL2pwZWciIF0sDQogIFsiY29udGVudC1sZW5ndGgtcmFuZ2UiLCAwLCAxMDAwMDAwXQ0KICBdDQp9">
<input type="hidden" name="signature" value="BSAMPLEaASAMPLE6SAMPLE+SAMPPLEqSAMPLEPSAMPLE+SAMPLEgSAMPLEzCPlgWREeF7oPGowkeKk7J4WApzkzxERdOQmAdrvshKSzUHg8Jqp1lw9tbiJfE2ExdOOIoJVmGLoDeAGnfzCd4fTsWcLbal9sFpqXsQI8IQi1493mw=">
<input name="file" type="file">
<input type="submit" value="Upload">
</form>
The "policy" field contains a description of what the user can upload. It's a JSON document that's been base 64 encoded. Unencoded, it looks like this:
{"expiration": "2010-06-16T11:11:11Z",
"conditions": [
["starts-with", "$key", "" ],
{"acl": "bucket-owner-read" },
{"bucket": "travel-maps"},
{"success_action_redirect": "http://www.example.com/success_notification.html" },
["eq", "$Content-Type", "image/jpeg" ],
["content-length-range", 0, 1000000]
]
}
The "signature" field works like a signed URL would, except that you're signing the policy, not the request. It's the base64 encoding of the rsa/sha-256 of the policy document.
Upvotes: 5
Related Questions
- Google Cloud Storage get signedUrl from CDN npm
- Google cloud storage - How to specify allowed file formats as part of signed URL
- Google Cloud Storage Signed URL PUT Content-MD5
- Google cloud storage - signed urls - one time access
- Google Storage creating Signed Urls with your own program rather using google cloud libraries
- Generate signed URL for Google Cloud Storage with additional our own parameter
- SignatureDoesNotMatch Ruby on Rails Google Storage Signed URL
- Google Cloud Storage Signed URL forced response disposition
- google storage signed url public read
- Google Cloud Storage Signed Url for media