使用签名的URL上传到S3时获得403(禁止) [英] Getting 403 (Forbidden) when uploading to S3 with a signed URL

问题描述

我正在尝试生成一个预签名的URL，然后通过浏览器将文件上传到S3.我的服务器端代码如下所示，它生成了URL:

I'm trying to generate a pre-signed URL then upload a file to S3 through a browser. My server-side code looks like this, and it generates the URL:

let s3 = new aws.S3({
  // for dev purposes
  accessKeyId: 'MY-ACCESS-KEY-ID',
  secretAccessKey: 'MY-SECRET-ACCESS-KEY'
});
let params = {
  Bucket: 'reqlist-user-storage',
  Key: req.body.fileName, 
  Expires: 60,
  ContentType: req.body.fileType,
  ACL: 'public-read'
};
s3.getSignedUrl('putObject', params, (err, url) => {
  if (err) return console.log(err);
  res.json({ url: url });
});

这部分似乎工作正常.如果我记录了该URL，并将其传递到前端，则可以看到该URL.然后在前端，我尝试使用axios和签名的URL上传文件:

This part seems to work fine. I can see the URL if I log it and it's passing it to the front-end. Then on the front end, I'm trying to upload the file with axios and the signed URL:

.then(res => {
    var options = { headers: { 'Content-Type': fileType } };
    return axios.put(res.data.url, fileFromFileInput, options);
  }).then(res => {
    console.log(res);
  }).catch(err => {
    console.log(err);
  });
}

这样，我得到了403 Forbidden错误.如果我点击该链接，那么会有一些XML包含更多信息:

With that, I get the 403 Forbidden error. If I follow the link, there's some XML with more info:

<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>
The request signature we calculated does not match the signature you provided. Check your key and signing method.
</Message>
...etc

推荐答案

您的请求需要完全匹配签名.一个明显的问题是，即使在签名中包含了罐头ACL，您实际上也没有在请求中包括它.更改为此:

Your request needs to match the signature, exactly. One apparent problem is that you are not actually including the canned ACL in the request, even though you included it in the signature. Change to this:

var options = { headers: { 'Content-Type': fileType, 'x-amz-acl': 'public-read' } };

这篇关于使用签名的URL上传到S3时获得403(禁止)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！