FineUploader:更改罐头ACL值时,S3访问被拒绝响应 [英] FineUploader: S3 Access Denied Response when Canned ACL value is changed
问题描述
我有一个运行良好的S3 Fine Uploader实现.默认情况下,它可以正常上传文件,但它们是私有文件.根据FineUploader的文档,我在我的客户端js配置中为FineUploader添加了objectProperties选项,以使文件公开:
I have an S3 Fine Uploader implementation working great. By default, it uploads files fine but they are private. Based on FineUploader's documentation I added the objectProperties option as follows to my client-side js config for FineUploader to make the files public:
objectProperties: {
acl: "public-read"
},
但是现在我在上传过程中收到来自s3的访问被拒绝响应:
However I now get an access denied response from s3 during upload:
<Error><Code>AccessDenied</Code><Message>Access Denied</Message>
<RequestId>(removed)</RequestId>
<HostId>(removed)</HostId>
</Error>
如果有帮助,这是我的CORS存储桶政策:
If it helps, this is my CORS Bucket Policy:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<ExposeHeader>ETag</ExposeHeader>
<AllowedHeader>content-type</AllowedHeader>
<AllowedHeader>origin</AllowedHeader>
<AllowedHeader>x-amz-acl</AllowedHeader>
<AllowedHeader>x-amz-meta-qqfilename</AllowedHeader>
<AllowedHeader>x-amz-date</AllowedHeader>
<AllowedHeader>authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
这是请求的原始HTTP转储:
This is the raw HTTP dump of the request:
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Connection:keep-alive
Content-Length:39643
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryR70e49pqaNEGSsT1
Host:quickfunnel.s3.amazonaws.com
Origin:http://mysite.local
Referer:http://mysite.local/dashboard/
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Request Payload
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="key"
d50e0c4f-1886-48bb-b077-075fca79b6dc.JPG
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="AWSAccessKeyId"
ACCESS-KEY-REMOVED
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="Content-Type"
image/jpeg
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="success_action_status"
200
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="acl"
public-read
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="x-amz-meta-qfclientid"
1
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="x-amz-meta-qqfilename"
Capture.JPG
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="policy"
eyJleHBpcmF0aW9uIjoiMjAxNC0wMS0wMlQyMzo0MzoxMC4wNDVaIiwiY29uZGl0aW9ucyI6W3siYWNsIjoicHVibGljLXJlYWQifSx7ImJ1Y2tldCI6InF1aWNrZnVubmVsIn0seyJDb250ZW50LVR5cGUiOiJpbWFnZS9qcGVnIn0seyJzdWNjZXNzX2FjdGlvbl9zdGF0dXMiOiIyMDAifSx7ImtleSI6ImQ1MGUwYzRmLTE4ODYtNDhiYi1iMDc3LTA3NWZjYTc5YjZkYy5KUEcifSx7IngtYW16LW1ldGEtcWZjbGllbnRpZCI6IjEifSx7IngtYW16LW1ldGEtcXFmaWxlbmFtZSI6IkNhcHR1cmUuSlBHIn0sWyJjb250ZW50LWxlbmd0aC1yYW5nZSIsIjAiLCIxNTAwMDAwMCJdXX0=
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="signature"
K7FC4Toe/xmr0SKGOTy6NG+morw=
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="file"; filename="Capture.JPG"
Content-Type: image/jpeg
------WebKitFormBoundaryR70e49pqaNEGSsT1--
推荐答案
很可能您没有正确配置客户端IAM组.为了脱离默认ACL私有",与请求关联的IAM组必须能够执行"s3:PutObjectAcl"操作.您需要确保与客户端密钥关联的IAM组具有此权限.
Most likely, you have not properly configured your client-side IAM group. In order to deviate from the default ACL of "private", the IAM group associated with the request must be able to perform that "s3:PutObjectAcl" action. You'll need to ensure the IAM group associated with your client-side keys has this permission.
这篇关于FineUploader:更改罐头ACL值时,S3访问被拒绝响应的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
