Paolo Broccardo

ColdFusion CFUPLOAD to S3 Permissions Issue - Can't view image

Using ColdFusion, I am successfully able to upload an image to an Amazon S3 bucket and folder. I can confirm that the file is there. This is the code:

<cfparam name="attributes.bSubmit" default="" />

<cfif Trim(attributes.bSubmit) NEQ "">
    <cfset local.filePath = "#application.Config.cdnDirAbs#/public/" />
    <cffile action="upload" filefield="tFile" destination="#local.filePath#" nameconflict="makeunique" charset="utf-8" />
    <cfoutput>DONE UPLOAD</cfoutput>
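    <cfoutput>
        <!--- With nameconflict="makeunique" the stored name can differ from the client's name, so use serverFile --->
        <img src="#application.Config.staticContentDirAbs#/public/#cffile.serverFile#">
    </cfoutput>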
</cfif>

<form method="post" enctype="multipart/form-data">
    Select a File 
    <input type="file" name="tFile" />
    <input type="submit" value="Submit" name="bSubmit" />
</form>

As you can see, I am uploading an image file to the "public" folder of my Amazon S3 bucket.

That folder, "public", has the "READ" permission set for "ALL USERS".

However, when the image is uploaded, it does not inherit this permission.

So when I try to display the image, it doesn't display. When I view it in the browser by its URL, it displays XML with the message "AccessDenied".

If I manually set that image/object's permission to READ for ALL USERS and run the page, or view the URL again, then it works.

How do I get the uploaded object to inherit the READ permission of its parent folder ("public")? Or alternatively, how can I set the permission of the uploaded image/object after I upload the image?

Thanks!

UPDATE: I have also added an S3 Bucket Policy, which has ALMOST done the job. Using the policy below, I can now view uploaded images, and when I right-click the image and select "open image in new tab", I can view it fine too.

HOWEVER, if I copy the image's URL, paste it into a new browser tab and press Enter, it still gives an "ACCESSDENIED" error in that one specific scenario, which is very strange. Any ideas why?

{
  "Version": "2008-10-17",
  "Id": "Policy1380565312345",
  "Statement": [
    {
      "Sid": "Stmt1380565312345",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::mysitedev/*",
      "Condition": {
        "StringLike": {
          "aws:Referer": "*"
        }
      }
    }
  ]
}

Upvotes: 4

Views: 594

Answers (1)

TRose

Initially you were missing a complete S3 Bucket Policy, but we hashed that out in the comments.

It appears as though you've set up a Policy using a template from their support page.

One critical error - you filled out the Condition clause, meaning the Bucket will look for reasons to stop the request from going through. In your case, you specified an expected referrer, which means anyone who copied and pasted a direct link in a new tab would have been stopped.

I suspect your code now looks something like this, having removed your Conditions:

{
    "Version": "2008-10-17",
    "Id": "Policy1380565312345",
    "Statement": [{
        "Sid": "Stmt1380565312345",
        "Effect": "Allow",
        "Principal": {
            "AWS": "*"
        },
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::mysitedev/*"
    }]
}

And that your Bucket is accepting ALL requests by the public to view that content. Enjoy!

Upvotes: 2
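Why only the pasted URL was denied, as an added example (not part of the original question or answer, and not AWS's own evaluator): a minimal Python model of the single `Allow` statement, relying on the IAM rule that a condition on a key absent from the request context does not match. The function names, the object key and the referring page URL are constructed for illustration.

```python
import fnmatch

# Constructed copies of the two policy statements shown on this page.
# Principal is omitted: {"AWS": "*"} matches any caller, including anonymous.
WITH_REFERER = {
    "Effect": "Allow",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::mysitedev/*",
    "Condition": {"StringLike": {"aws:Referer": "*"}},
}
WITHOUT_CONDITION = {k: v for k, v in WITH_REFERER.items() if k != "Condition"}

OBJECT = "arn:aws:s3:::mysitedev/public/photo.jpg"         # constructed key
EMBEDDED = {"Referer": "https://example.com/upload.cfm"}   # <img> on a page
PASTED = {}                        # URL pasted into the address bar: no Referer


def condition_matches(condition, context):
    """StringLike only: each listed key must be present AND match a pattern."""
    for operator, keys in condition.items():
        if operator != "StringLike":
            raise NotImplementedError(operator)
        for key, patterns in keys.items():
            if key not in context:      # absent key: the condition is false
                return False
            patterns = [patterns] if isinstance(patterns, str) else patterns
            if not any(fnmatch.fnmatchcase(context[key], p) for p in patterns):
                return False
    return True


def is_allowed(statement, resource, headers, action="s3:GetObject"):
    """True if this one Allow statement grants the anonymous request.
    No matching Allow means the implicit default deny, i.e. AccessDenied."""
    context = {"aws:Referer": headers["Referer"]} if "Referer" in headers else {}
    return (
        statement["Effect"] == "Allow"
        and statement["Action"] == action
        and fnmatch.fnmatchcase(resource, statement["Resource"])
        and condition_matches(statement.get("Condition", {}), context)
    )


if __name__ == "__main__":
    for name, stmt in (("with Referer condition", WITH_REFERER),
                       ("condition removed", WITHOUT_CONDITION)):
        for how, headers in (("embedded", EMBEDDED), ("pasted URL", PASTED)):
            verdict = "Allow" if is_allowed(stmt, OBJECT, headers) else "AccessDenied"
            print(f"{name:24} {how:11} {verdict}")
```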
