Heya I m trying to use pre signed POSTs

Heya, I'm trying to use pre-signed POSTs with R2 to have users directly upload images to my bucket. Thanks to some posts here I have the CORS portion working fine, but when now when I attempt the upload I get back a 400 with Invalid Argument: Authorization. Am I supposed to be putting something in the Authorization header? Appreciate any help, will post the entire request log in a thread
4 Replies
Fugi
FugiOP2y ago
CURL session for the request (slightly redacted)
$ curl 'https://c4388f020988b687c238667322195b29.r2.cloudflarestorage.com/mirai' \
> -H 'Accept: */*' \
> -H 'Accept-Language: en-US,en;q=0.9' \
> -H 'Cache-Control: no-cache' \
> -H 'Connection: keep-alive' \
> -H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryVcEni9wxldmoKAeB' \
> -H 'Origin: http://localhost:3000' \
> -H 'Pragma: no-cache' \
> -H 'Referer: http://localhost:3000/' \
> -H 'Sec-Fetch-Dest: empty' \
> -H 'Sec-Fetch-Mode: cors' \
> -H 'Sec-Fetch-Site: cross-site' \
> -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36' \
> -H 'sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"' \
> -H 'sec-ch-ua-mobile: ?0' \
> -H 'sec-ch-ua-platform: "Windows"' \
> --data-raw $'------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="bucket"\r\n\r\nmirai\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="X-Amz-Algorithm"\r\n\r\nAWS4-HMAC-SHA256\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="X-Amz-Credential"\r\n\r\n48b5c6eefee99d28dbfc64d0844153be/20230201/auto/s3/aws4_request\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="X-Amz-Date"\r\n\r\n20230201T235252Z\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="key"\r\n\r\nuploads/84791f60f10dd90181734c80e2833713\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="Policy"\r\n\r\neyJleHBpcmF0aW9uIjoiMjAyMy0wMi0wMlQwMDowMjo1MloiLCJjb25kaXRpb25zIjpbWyJjb250ZW50LWxlbmd0aC1yYW5nZSIsNjQsMjYyMTQ0MDBdLFsic3RhcnRzLXdpdGgiLCIkQ29udGVudC1UeXBlIiwiaW1hZ2UvIl0seyJidWNrZXQiOiJtaXJhaSJ9LHsiWC1BbXotQWxnb3JpdGhtIjoiQVdTNC1ITUFDLVNIQTI1NiJ9LHsiWC1BbXotQ3JlZGVudGlhbCI6IjQ4YjVjNmVlZmVlOTlkMjhkYmZjNjRkMDg0NDE1M2JlLzIwMjMwMjAxL2F1dG8vczMvYXdzNF9yZXF1ZXN0In0seyJYLUFtei1EYXRlIjoiMjAyMzAyMDFUMjM1MjUyWiJ9LHsia2V5IjoidXBsb2Fkcy84NDc5MWY2MGYxMGRkOTAxODE3MzRjODBlMjgzMzcxMyJ9XX0=\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="X-Amz-Signature"\r\n\r\n------------------REDACTED----------------------\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="file"; filename="Screenshot 2022-12-06 144019.png"\r\nContent-Type: image/png\r\n\r\n\u0089PNG\r\n\u0000IEND®B`\u0082\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB--\r\n' \
> --compressed -vvv
$ curl 'https://c4388f020988b687c238667322195b29.r2.cloudflarestorage.com/mirai' \
> -H 'Accept: */*' \
> -H 'Accept-Language: en-US,en;q=0.9' \
> -H 'Cache-Control: no-cache' \
> -H 'Connection: keep-alive' \
> -H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryVcEni9wxldmoKAeB' \
> -H 'Origin: http://localhost:3000' \
> -H 'Pragma: no-cache' \
> -H 'Referer: http://localhost:3000/' \
> -H 'Sec-Fetch-Dest: empty' \
> -H 'Sec-Fetch-Mode: cors' \
> -H 'Sec-Fetch-Site: cross-site' \
> -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36' \
> -H 'sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"' \
> -H 'sec-ch-ua-mobile: ?0' \
> -H 'sec-ch-ua-platform: "Windows"' \
> --data-raw $'------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="bucket"\r\n\r\nmirai\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="X-Amz-Algorithm"\r\n\r\nAWS4-HMAC-SHA256\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="X-Amz-Credential"\r\n\r\n48b5c6eefee99d28dbfc64d0844153be/20230201/auto/s3/aws4_request\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="X-Amz-Date"\r\n\r\n20230201T235252Z\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="key"\r\n\r\nuploads/84791f60f10dd90181734c80e2833713\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="Policy"\r\n\r\neyJleHBpcmF0aW9uIjoiMjAyMy0wMi0wMlQwMDowMjo1MloiLCJjb25kaXRpb25zIjpbWyJjb250ZW50LWxlbmd0aC1yYW5nZSIsNjQsMjYyMTQ0MDBdLFsic3RhcnRzLXdpdGgiLCIkQ29udGVudC1UeXBlIiwiaW1hZ2UvIl0seyJidWNrZXQiOiJtaXJhaSJ9LHsiWC1BbXotQWxnb3JpdGhtIjoiQVdTNC1ITUFDLVNIQTI1NiJ9LHsiWC1BbXotQ3JlZGVudGlhbCI6IjQ4YjVjNmVlZmVlOTlkMjhkYmZjNjRkMDg0NDE1M2JlLzIwMjMwMjAxL2F1dG8vczMvYXdzNF9yZXF1ZXN0In0seyJYLUFtei1EYXRlIjoiMjAyMzAyMDFUMjM1MjUyWiJ9LHsia2V5IjoidXBsb2Fkcy84NDc5MWY2MGYxMGRkOTAxODE3MzRjODBlMjgzMzcxMyJ9XX0=\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="X-Amz-Signature"\r\n\r\n------------------REDACTED----------------------\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="file"; filename="Screenshot 2022-12-06 144019.png"\r\nContent-Type: image/png\r\n\r\n\u0089PNG\r\n\u0000IEND®B`\u0082\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB--\r\n' \
> --compressed -vvv
* Trying 104.18.9.90:443...
* TCP_NODELAY set
* Connected to c4388f020988b687c238667322195b29.r2.cloudflarestorage.com (104.18.9.90) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=r2.cloudflarestorage.com
* start date: Jan 31 00:00:00 2023 GMT
* expire date: Apr 30 23:59:59 2023 GMT
* subjectAltName: host "c4388f020988b687c238667322195b29.r2.cloudflarestorage.com" matched cert's "c4388f020988b687c238667322195b29.r2.cloudflarestorage.com"
* issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
* SSL certificate verify ok.
> POST /mirai HTTP/1.1
> Host: c4388f020988b687c238667322195b29.r2.cloudflarestorage.com
> Accept-Encoding: deflate, gzip, br
> Accept: */*
> Accept-Language: en-US,en;q=0.9
> Cache-Control: no-cache
> Connection: keep-alive
> Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryVcEni9wxldmoKAeB
> Origin: http://localhost:3000
> Pragma: no-cache
> Referer: http://localhost:3000/
> Sec-Fetch-Dest: empty
> Sec-Fetch-Mode: cors
> Sec-Fetch-Site: cross-site
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
> sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"
> sec-ch-ua-mobile: ?0
> sec-ch-ua-platform: "Windows"
> Content-Length: 1531
> Expect: 100-continue
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad Request
< Date: Wed, 01 Feb 2023 23:53:24 GMT
< Content-Type: application/xml
< Content-Length: 131
< Connection: keep-alive
< Vary: Accept-Encoding
< Server: cloudflare
< CF-RAY: 792e9b35784727fe-SEA
<
* Connection #0 to host c4388f020988b687c238667322195b29.r2.cloudflarestorage.com left intact
<?xml version="1.0" encoding="UTF-8"?><Error><Code>InvalidArgument</Code><Message>Invalid Argument: Authorization</Message></Error>
* Trying 104.18.9.90:443...
* TCP_NODELAY set
* Connected to c4388f020988b687c238667322195b29.r2.cloudflarestorage.com (104.18.9.90) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=r2.cloudflarestorage.com
* start date: Jan 31 00:00:00 2023 GMT
* expire date: Apr 30 23:59:59 2023 GMT
* subjectAltName: host "c4388f020988b687c238667322195b29.r2.cloudflarestorage.com" matched cert's "c4388f020988b687c238667322195b29.r2.cloudflarestorage.com"
* issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
* SSL certificate verify ok.
> POST /mirai HTTP/1.1
> Host: c4388f020988b687c238667322195b29.r2.cloudflarestorage.com
> Accept-Encoding: deflate, gzip, br
> Accept: */*
> Accept-Language: en-US,en;q=0.9
> Cache-Control: no-cache
> Connection: keep-alive
> Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryVcEni9wxldmoKAeB
> Origin: http://localhost:3000
> Pragma: no-cache
> Referer: http://localhost:3000/
> Sec-Fetch-Dest: empty
> Sec-Fetch-Mode: cors
> Sec-Fetch-Site: cross-site
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
> sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"
> sec-ch-ua-mobile: ?0
> sec-ch-ua-platform: "Windows"
> Content-Length: 1531
> Expect: 100-continue
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad Request
< Date: Wed, 01 Feb 2023 23:53:24 GMT
< Content-Type: application/xml
< Content-Length: 131
< Connection: keep-alive
< Vary: Accept-Encoding
< Server: cloudflare
< CF-RAY: 792e9b35784727fe-SEA
<
* Connection #0 to host c4388f020988b687c238667322195b29.r2.cloudflarestorage.com left intact
<?xml version="1.0" encoding="UTF-8"?><Error><Code>InvalidArgument</Code><Message>Invalid Argument: Authorization</Message></Error>
kian
kian2y ago
Presigned POST isn’t supported You’ll need to use normal PutObject
Fugi
FugiOP2y ago
Ah thank you! That's unfortunate since presigned PUTs don't allow restricting upload sizes or types. Hopefully that can come in the future. For now it'd be nice if the documentation called that out, I didn't see any warnings on either the S3 compatability page nor the Presigned URLs page
kian
kian2y ago
You can presign the Content-???? headers - but only with the exact values, so it’s not the best
Want results from more Discord servers?
Add your server