I'm unable to do a direct upload (JavaScript XHR) to my S3 bucket because of the CORS blocking system. I'm using PHP to generate a direct upload link, with an upload policy and S3 signature:
    {"key": "501/source/${filename}", "AWSAccessKeyId": "AKIAIIG**********", "acl": "private", "policy": "eyJleHBpcmF0aW***************", "signature": "j2UnJRfj+uC+FazEF+wPnuJpdcs=", "success_action_status": "201"}
But when I try to upload a file to the generated link, I get the following error from Firefox:
Request Blocked: The Same Origin Policy disallows reading the remote resource at https://my.bucket.s3.amazonaws.com. This can be fixed by moving the resource to the same domain or enabling CORS.
My bucket is correctly configured with a CORS policy to allow POST from everywhere:
    <?xml version="1.0" encoding="UTF-8"?>
    <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
        <CORSRule>
            <AllowedOrigin>*</AllowedOrigin>
            <AllowedMethod>GET</AllowedMethod>
            <AllowedMethod>POST</AllowedMethod>
            <AllowedMethod>PUT</AllowedMethod>
            <AllowedMethod>DELETE</AllowedMethod>
            <AllowedMethod>HEAD</AllowedMethod>
            <MaxAgeSeconds>3000</MaxAgeSeconds>
            <AllowedHeader>*</AllowedHeader>
        </CORSRule>
    </CORSConfiguration>
What more should I do?
Here is the PHP code I use to generate the policy & S3 signature:
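    $key = '42/source/';
    // Policy document: the conditions the fields of the POST must satisfy.
    $policy = json_encode(array(
        // ISO 8601 in UTC: gmdate() so the "Z" suffix is true, "H" for a zero-padded hour.
        'expiration' => gmdate('Y-m-d\TH:i:s\Z', strtotime('+6 hours')),
        'conditions' => array(
            array('bucket' => 'my.bucket'),
            array('acl' => 'private'),
            array('starts-with', '$key', $key),
            array('success_action_status' => '201')
        )
    ));
    $policy = base64_encode($policy);
    // Signature: base64 of the raw HMAC-SHA1 of the encoded policy, keyed with the secret key.
    $signature = base64_encode(hash_hmac('sha1', $policy, 'G3wzaTNwnQC2mQB3****************', true));
    // Form fields handed to the browser; the secret key itself stays on the server.
    return array(
        'key' => $key.'${filename}',
        'AWSAccessKeyId' => 'AKIAIIG**********',
        'acl' => 'private',
        'policy' => $policy,
        'signature' => $signature,
        'success_action_status' => '201'
    );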
I then use this array of params in my JavaScript fileupload() script to direct upload to Amazon S3 (XHR request).
Thanks for your help, Philippe S.
If anyone is stuck... NEVER use a dot "." in your bucket name. It causes some SSL certificate trouble, as it creates a new subdomain.
E.g.: if you name your bucket "my.bucket", it will be understood as the "my" subdomain of "bucket".
Just use "-" or "_" instead of the dot.
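
The certificate mismatch behind the answer above, as an added example that is not part of the original post: a wildcard certificate name covers only one DNS label, so the host "my.bucket.s3.amazonaws.com" fails hostname verification over HTTPS. The names in CERT_NAMES are an assumption about what the endpoint presents, and the function names are hypothetical.

```javascript
// Added example. Hostname matching as TLS clients apply it (RFC 6125):
// a "*" in the left-most label of a certificate name covers exactly one
// DNS label, so it can never span a dot.
function wildcardMatches(certName, host) {
  const c = certName.toLowerCase().split('.');
  const h = host.toLowerCase().split('.');
  if (c.length !== h.length) return false; // label counts must be equal
  return c.every((label, i) =>
    i === 0 && label === '*' ? h[i].length > 0 : label === h[i]);
}

// Assumption: names presented by the certificate on the endpoint.
const CERT_NAMES = ['*.s3.amazonaws.com', 's3.amazonaws.com'];

// Virtual-hosted-style host, the form seen in the error message above.
function endpointFor(bucket) {
  return `${bucket}.s3.amazonaws.com`;
}

// Report whether an HTTPS request to the bucket's endpoint passes
// hostname verification, and which certificate name covered it.
function checkBucket(bucket) {
  const host = endpointFor(bucket);
  const matched = CERT_NAMES.find((n) => wildcardMatches(n, host)) || null;
  return {
    bucket,
    host,
    labelsInBucket: bucket.split('.').length,
    matched,
    tlsOk: matched !== null,
  };
}

// Constructed sample names: the one from the post and a dot-free variant.
for (const name of ['my.bucket', 'my-bucket']) {
  const r = checkBucket(name);
  const verdict = r.tlsOk ? `covered by ${r.matched}` : 'no certificate name matches';
  console.log(`${r.host}: ${verdict}`);
}
```

Running the same check over candidate bucket names before creating them catches the problem before any upload form is signed.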