使用签名 URL 上传到 S3 时获取 403(禁止) [英] Getting 403 (Forbidden) when uploading to S3 with a signed URL

问题描述

我正在尝试生成一个预先签名的 URL，然后通过浏览器将文件上传到 S3.我的服务器端代码如下所示，并生成 URL:

I'm trying to generate a pre-signed URL then upload a file to S3 through a browser. My server-side code looks like this, and it generates the URL:

let s3 = new aws.S3({
  // for dev purposes
  accessKeyId: 'MY-ACCESS-KEY-ID',
  secretAccessKey: 'MY-SECRET-ACCESS-KEY'
});
let params = {
  Bucket: 'reqlist-user-storage',
  Key: req.body.fileName, 
  Expires: 60,
  ContentType: req.body.fileType,
  ACL: 'public-read'
};
s3.getSignedUrl('putObject', params, (err, url) => {
  if (err) return console.log(err);
  res.json({ url: url });
});

这部分似乎工作正常.如果我记录它并将它传递给前端，我可以看到 URL.然后在前端，我尝试使用 axios 和签名 URL 上传文件:

This part seems to work fine. I can see the URL if I log it and it's passing it to the front-end. Then on the front end, I'm trying to upload the file with axios and the signed URL:

.then(res => {
    var options = { headers: { 'Content-Type': fileType } };
    return axios.put(res.data.url, fileFromFileInput, options);
  }).then(res => {
    console.log(res);
  }).catch(err => {
    console.log(err);
  });
}

这样，我收到了 403 Forbidden 错误.如果我点击链接，就会有一些包含更多信息的 XML:

With that, I get the 403 Forbidden error. If I follow the link, there's some XML with more info:

<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>
The request signature we calculated does not match the signature you provided. Check your key and signing method.
</Message>
...etc

推荐答案

您的请求需要与签名完全匹配.一个明显的问题是，您实际上并未在请求中包含预制 ACL，即使您将其包含在签名中.改成这样:

Your request needs to match the signature, exactly. One apparent problem is that you are not actually including the canned ACL in the request, even though you included it in the signature. Change to this:

var options = { headers: { 'Content-Type': fileType, 'x-amz-acl': 'public-read' } };

这篇关于使用签名 URL 上传到 S3 时获取 403(禁止)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！