How do you specify an ACL policy when creating an S3 signed URL with Clojure's Amazonica?
I'm trying to make an upload have an ACL of public-read. The docs are super thin for Amazonica, and after hours of tinkering, I'm no closer to figuring out how to accomplish this goal. In short, I can't figure out how to get it to sign the header.
Server side, my code looks like this.
(s3/generate-presigned-url
creds
{:bucket-name "mybucket"
:method "PUT"
:expires 10000
:key "my-key"
:cache-control "max-age=31557600;"
:request-parameters {:x-amz-acl "public-read"}
})
Client side, I grab the URL that creates and do an XHR PUT request
var xhr = new XMLHttpRequest();
xhr.open("PUT", signedUrl);
xhr.setRequestHeader('Cache-Control', 'max-age=31557600')
xhr.onload = ...
xhr.onerror = ...
xhr.send(file);
And this works perfectly, with the exception that it has the wrong ACL: "private" rather than "public"
Adding it client side is easy
var xhr = new XMLHttpRequest();
xhr.open("PUT", signedUrl);
xhr.setRequestHeader('Cache-Control', 'max-age=31557600')
xhr.setRequestHeader('x-amz-acl', 'public-read')
xhr.onload = ...
xhr.onerror = ...
xhr.send(file);
But the request of course fails due to HeadersNotSigned. I can't at all figure out how to add it server side so that they get signed. The SignedHeaders section never includes any additional parameters.
I've blindly tried all sorts of combos
(s3/generate-presigned-url
creds
{:headers {:x-amz-acl "public-read"}
:x-amz-acl "public-read"
:metadata {:x-amz-acl "public-read"}
:signed-headers {:x-amz-acl "public-read"}
:amz-acl "public-read"
:x-amz-signed-headers {:x-amz-acl "public-read"}
:X-Amz-SignedHeaders ["x-amz-acl"]
:request-parameters {:x-amz-acl "public-read"}
})
How do you add an ACL policy to a signed url?
amazon-s3 clojure amazonica
edited Nov 21 '18 at 3:13
akond
12.3k32748
asked Nov 20 '18 at 23:36
el_foobarel_foobar
211
add a comment |
I'm trying to make an upload have an ACL of public-read. The docs are super thin for Amazonica, and after hours of tinkering, I'm no closer to figuring out how to accomplish this goal. In short, I can't figure out how to get it to sign the header.
Server side, my code looks like this.
(s3/generate-presigned-url
creds
{:bucket-name "mybucket"
:method "PUT"
:expires 10000
:key "my-key"
:cache-control "max-age=31557600;"
:request-parameters {:x-amz-acl "public-read"}
})
Client side, I grab the URL that creates and do an XHR PUT request
var xhr = new XMLHttpRequest();
xhr.open("PUT", signedUrl);
xhr.setRequestHeader('Cache-Control', 'max-age=31557600')
xhr.onload = ...
xhr.onerror = ...
xhr.send(file);
And this works perfectly, with the exception that it has the wrong ACL: "private" rather than "public"
Adding it client side is easy
var xhr = new XMLHttpRequest();
xhr.open("PUT", signedUrl);
xhr.setRequestHeader('Cache-Control', 'max-age=31557600')
xhr.setRequestHeader('x-amz-acl', 'public-read')
xhr.onload = ...
xhr.onerror = ...
xhr.send(file);
But the request of course fails due to HeadersNotSigned. I can't at all figure out how to add it server side so that they get signed. The SignedHeaders section never includes any additional parameters.
I've blindly tried all sorts of combos
(s3/generate-presigned-url
creds
{:headers {:x-amz-acl "public-read"}
:x-amz-acl "public-read"
:metadata {:x-amz-acl "public-read"}
:signed-headers {:x-amz-acl "public-read"}
:amz-acl "public-read"
:x-amz-signed-headers {:x-amz-acl "public-read"}
:X-Amz-SignedHeaders ["x-amz-acl"]
:request-parameters {:x-amz-acl "public-read"}
})
How do you add an ACL policy to a signed url?
amazon-s3 clojure amazonica
edited Nov 21 '18 at 3:13
akond
12.3k32748
asked Nov 20 '18 at 23:36
el_foobarel_foobar
211
add a comment |
I'm trying to make an upload have an ACL of public-read. The docs are super thin for Amazonica, and after hours of tinkering, I'm no closer to figuring out how to accomplish this goal. In short, I can't figure out how to get it to sign the header.
Server side, my code looks like this.
(s3/generate-presigned-url
creds
{:bucket-name "mybucket"
:method "PUT"
:expires 10000
:key "my-key"
:cache-control "max-age=31557600;"
:request-parameters {:x-amz-acl "public-read"}
})
Client side, I grab the URL that creates and do an XHR PUT request
var xhr = new XMLHttpRequest();
xhr.open("PUT", signedUrl);
xhr.setRequestHeader('Cache-Control', 'max-age=31557600')
xhr.onload = ...
xhr.onerror = ...
xhr.send(file);
And this works perfectly, with the exception that it has the wrong ACL: "private" rather than "public"
Adding it client side is easy
var xhr = new XMLHttpRequest();
xhr.open("PUT", signedUrl);
xhr.setRequestHeader('Cache-Control', 'max-age=31557600')
xhr.setRequestHeader('x-amz-acl', 'public-read')
xhr.onload = ...
xhr.onerror = ...
xhr.send(file);
But the request of course fails due to HeadersNotSigned. I can't at all figure out how to add it server side so that they get signed. The SignedHeaders section never includes any additional parameters.
I've blindly tried all sorts of combos
(s3/generate-presigned-url
creds
{:headers {:x-amz-acl "public-read"}
:x-amz-acl "public-read"
:metadata {:x-amz-acl "public-read"}
:signed-headers {:x-amz-acl "public-read"}
:amz-acl "public-read"
:x-amz-signed-headers {:x-amz-acl "public-read"}
:X-Amz-SignedHeaders ["x-amz-acl"]
:request-parameters {:x-amz-acl "public-read"}
})
How do you add an ACL policy to a signed url?
amazon-s3 clojure amazonica
edited Nov 21 '18 at 3:13
akond
12.3k32748
asked Nov 20 '18 at 23:36
el_foobarel_foobar
211
I'm trying to make an upload have an ACL of public-read. The docs are super thin for Amazonica, and after hours of tinkering, I'm no closer to figuring out how to accomplish this goal. In short, I can't figure out how to get it to sign the header.
Server side, my code looks like this.
(s3/generate-presigned-url
creds
{:bucket-name "mybucket"
:method "PUT"
:expires 10000
:key "my-key"
:cache-control "max-age=31557600;"
:request-parameters {:x-amz-acl "public-read"}
})
Client side, I grab the URL that creates and do an XHR PUT request
var xhr = new XMLHttpRequest();
xhr.open("PUT", signedUrl);
xhr.setRequestHeader('Cache-Control', 'max-age=31557600')
xhr.onload = ...
xhr.onerror = ...
xhr.send(file);
And this works perfectly, with the exception that it has the wrong ACL: "private" rather than "public"
Adding it client side is easy
var xhr = new XMLHttpRequest();
xhr.open("PUT", signedUrl);
xhr.setRequestHeader('Cache-Control', 'max-age=31557600')
xhr.setRequestHeader('x-amz-acl', 'public-read')
xhr.onload = ...
xhr.onerror = ...
xhr.send(file);
But the request of course fails due to HeadersNotSigned. I can't at all figure out how to add it server side so that they get signed. The SignedHeaders section never includes any additional parameters.
I've blindly tried all sorts of combos
(s3/generate-presigned-url
creds
{:headers {:x-amz-acl "public-read"}
:x-amz-acl "public-read"
:metadata {:x-amz-acl "public-read"}
:signed-headers {:x-amz-acl "public-read"}
:amz-acl "public-read"
:x-amz-signed-headers {:x-amz-acl "public-read"}
:X-Amz-SignedHeaders ["x-amz-acl"]
:request-parameters {:x-amz-acl "public-read"}
})
How do you add an ACL policy to a signed url?
amazon-s3 clojure amazonica
amazon-s3 clojure amazonica
edited Nov 21 '18 at 3:13
akond
12.3k32748
asked Nov 20 '18 at 23:36
el_foobarel_foobar
211
edited Nov 21 '18 at 3:13
akond
12.3k32748
asked Nov 20 '18 at 23:36
el_foobarel_foobar
211
edited Nov 21 '18 at 3:13
akond
12.3k32748
edited Nov 21 '18 at 3:13
akond
12.3k32748
edited Nov 21 '18 at 3:13
akond
12.3k32748
12.3k32748
asked Nov 20 '18 at 23:36
el_foobarel_foobar
211
asked Nov 20 '18 at 23:36
el_foobarel_foobar
211
asked Nov 20 '18 at 23:36
el_foobarel_foobar
211
211
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
I don't have a direct answer to that, but a workaround for your consideration: making all objects in your s3 bucket default to public-read.
You can do this by adding this bucket policy to your bucket (replace bucketnm of course):
{
"Id": "Policy1397632521960",
"Statement": [
{
"Sid": "Stmt1397633323327",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::bucketnm/*",
"Principal": {
"AWS": [
"*"
]
}
}
]
}
answered Nov 21 '18 at 4:55
celwellcelwell
81931126
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53403225%2fhow-do-you-specify-an-acl-policy-when-creating-an-s3-signed-url-with-clojures-a%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I don't have a direct answer to that, but a workaround for your consideration: making all objects in your s3 bucket default to public-read.
You can do this by adding this bucket policy to your bucket (replace bucketnm of course):
{
"Id": "Policy1397632521960",
"Statement": [
{
"Sid": "Stmt1397633323327",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::bucketnm/*",
"Principal": {
"AWS": [
"*"
]
}
}
]
}
answered Nov 21 '18 at 4:55
celwellcelwell
81931126
add a comment |
I don't have a direct answer to that, but a workaround for your consideration: making all objects in your s3 bucket default to public-read.
You can do this by adding this bucket policy to your bucket (replace bucketnm of course):
{
"Id": "Policy1397632521960",
"Statement": [
{
"Sid": "Stmt1397633323327",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::bucketnm/*",
"Principal": {
"AWS": [
"*"
]
}
}
]
}
answered Nov 21 '18 at 4:55
celwellcelwell
81931126
add a comment |
I don't have a direct answer to that, but a workaround for your consideration: making all objects in your s3 bucket default to public-read.
You can do this by adding this bucket policy to your bucket (replace bucketnm of course):
{
"Id": "Policy1397632521960",
"Statement": [
{
"Sid": "Stmt1397633323327",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::bucketnm/*",
"Principal": {
"AWS": [
"*"
]
}
}
]
}
answered Nov 21 '18 at 4:55
celwellcelwell
81931126
I don't have a direct answer to that, but a workaround for your consideration: making all objects in your s3 bucket default to public-read.
You can do this by adding this bucket policy to your bucket (replace bucketnm of course):
{
"Id": "Policy1397632521960",
"Statement": [
{
"Sid": "Stmt1397633323327",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::bucketnm/*",
"Principal": {
"AWS": [
"*"
]
}
}
]
}
answered Nov 21 '18 at 4:55
celwellcelwell
81931126
answered Nov 21 '18 at 4:55
celwellcelwell
81931126
answered Nov 21 '18 at 4:55
celwellcelwell
81931126
answered Nov 21 '18 at 4:55
celwellcelwell
81931126
81931126
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53403225%2fhow-do-you-specify-an-acl-policy-when-creating-an-s3-signed-url-with-clojures-a%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
