I use fine-uploader (5.1.3) on my site to upload files to my Amazon S3 bucket.
This all works fine however I am now in the process of putting my entire site in HTTPS. Having done this and accessing the upload page over https I now get the following errors / debug output whenever the user tries to upload an image:
Error:
https://mywebsite.bucket.bucketname.s3-eu-west-1.amazonaws.com/ net::ERR_INSECURE_RESPONSE
Full debug Output:
[Fine Uploader 5.1.3] Parsing template
[Fine Uploader 5.1.3] Template parsing complete
[Fine Uploader 5.1.3] Rendering template in DOM.
[Fine Uploader 5.1.3] Template rendering complete
[Fine Uploader 5.1.3] Received 1 files.
[Fine Uploader 5.1.3] Attempting to validate image.
[Fine Uploader 5.1.3] Attempting to generate a blob on-demand for 0
[Fine Uploader 5.1.3] Attempting to generate scaled version for my_image.jpg
[Fine Uploader 5.1.3] Attempting to draw client-side image preview.
[Fine Uploader 5.1.3] Attempting to determine if my_image.jpg can be rendered in this browser
[Fine Uploader 5.1.3] First pass: check type attribute of blob object.
[Fine Uploader 5.1.3] Second pass: check for magic bytes in file header.
[Fine Uploader 5.1.3] 'my_image.jpg' is able to be rendered in this browser
[Fine Uploader 5.1.3] Moving forward with EXIF header parsing for 'my_image.jpg'
[Fine Uploader 5.1.3] EXIF Byte order is big endian
[Fine Uploader 5.1.3] Found 12 APP1 directory entries
[Fine Uploader 5.1.3] Successfully parsed some EXIF tags
[Fine Uploader 5.1.3] Success generating scaled version for my_image.jpg
[Fine Uploader 5.1.3] Generated an on-demand blob for 0
[Fine Uploader 5.1.3] Maybe ready to upload proxy group file 0
[Fine Uploader 5.1.3] Sending simple upload request for 0
[Fine Uploader 5.1.3] Submitting S3 signature request for 0
[Fine Uploader 5.1.3] Sending POST request for 0
[Fine Uploader 5.1.3] Sending upload request for 0
https://mywebsite.bucket.bucketname.s3-eu-west-1.amazonaws.com/ net::ERR_INSECURE_RESPONSE
[Fine Uploader 5.1.3] Received response status 0 with body:
[Fine Uploader 5.1.3] Simple upload request failed for 0
[Fine Uploader 5.1.3] Generated blob upload has ended for 0, disposing generated blob.
I have changed the endpoint to include the https. It all works perfectly fine when the page is in HTTP but just not HTTPS.
Do I need to change any other references/files?
My bucket policy on amazon is:
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::mywebsite.bucket.bucketname/*"
}
]
}
I've added the https version of my site on the cors configuration in amazon too and full configuration is below:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>http://www.mywebsite.com</AllowedOrigin>
<AllowedOrigin>http://mywebsite.com</AllowedOrigin>
<AllowedOrigin>https://www.mywebsite.com</AllowedOrigin>
<AllowedOrigin>https://mywebsite.com</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<ExposeHeader>ETag</ExposeHeader>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Your bucket name of "storage.bucket.customer" is invalid for SSL connections. From the S3 bucket restrictions page:
When using virtual hosted–style buckets with SSL, the SSL wildcard certificate only matches buckets that do not contain periods. To work around this, use HTTP or write your own certificate verification logic. We recommend that you do not use periods (".") in bucket names.
If you inspect the HTTP response, you will likely see more information related to this issue.