CD
Cloudflare Developers2y ago
Fugi

Heya I m trying to use pre signed POSTs

Heya, I'm trying to use pre-signed POSTs with R2 to have users directly upload images to my bucket. Thanks to some posts here I have the CORS portion working fine, but when now when I attempt the upload I get back a 400 with Invalid Argument: Authorization. Am I supposed to be putting something in the Authorization header? Appreciate any help, will post the entire request log in a thread
4 Replies
Fugi
Fugi2y ago
CURL session for the request (slightly redacted) 
$ curl 'https://c4388f020988b687c238667322195b29.r2.cloudflarestorage.com/mirai' \
>   -H 'Accept: */*' \
>   -H 'Accept-Language: en-US,en;q=0.9' \
>   -H 'Cache-Control: no-cache' \
>   -H 'Connection: keep-alive' \
>   -H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryVcEni9wxldmoKAeB' \
>   -H 'Origin: http://localhost:3000' \
>   -H 'Pragma: no-cache' \
>   -H 'Referer: http://localhost:3000/' \
>   -H 'Sec-Fetch-Dest: empty' \
>   -H 'Sec-Fetch-Mode: cors' \
>   -H 'Sec-Fetch-Site: cross-site' \
>   -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36' \
>   -H 'sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"' \
>   -H 'sec-ch-ua-mobile: ?0' \
>   -H 'sec-ch-ua-platform: "Windows"' \
>   --data-raw $'------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="bucket"\r\n\r\nmirai\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="X-Amz-Algorithm"\r\n\r\nAWS4-HMAC-SHA256\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="X-Amz-Credential"\r\n\r\n48b5c6eefee99d28dbfc64d0844153be/20230201/auto/s3/aws4_request\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="X-Amz-Date"\r\n\r\n20230201T235252Z\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="key"\r\n\r\nuploads/84791f60f10dd90181734c80e2833713\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="Policy"\r\n\r\neyJleHBpcmF0aW9uIjoiMjAyMy0wMi0wMlQwMDowMjo1MloiLCJjb25kaXRpb25zIjpbWyJjb250ZW50LWxlbmd0aC1yYW5nZSIsNjQsMjYyMTQ0MDBdLFsic3RhcnRzLXdpdGgiLCIkQ29udGVudC1UeXBlIiwiaW1hZ2UvIl0seyJidWNrZXQiOiJtaXJhaSJ9LHsiWC1BbXotQWxnb3JpdGhtIjoiQVdTNC1ITUFDLVNIQTI1NiJ9LHsiWC1BbXotQ3JlZGVudGlhbCI6IjQ4YjVjNmVlZmVlOTlkMjhkYmZjNjRkMDg0NDE1M2JlLzIwMjMwMjAxL2F1dG8vczMvYXdzNF9yZXF1ZXN0In0seyJYLUFtei1EYXRlIjoiMjAyMzAyMDFUMjM1MjUyWiJ9LHsia2V5IjoidXBsb2Fkcy84NDc5MWY2MGYxMGRkOTAxODE3MzRjODBlMjgzMzcxMyJ9XX0=\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="X-Amz-Signature"\r\n\r\n------------------REDACTED----------------------\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="file"; filename="Screenshot 2022-12-06 144019.png"\r\nContent-Type: image/png\r\n\r\n\u0089PNG\r\n\u0000IEND®B`\u0082\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB--\r\n' \
>   --compressed -vvv
$ curl 'https://c4388f020988b687c238667322195b29.r2.cloudflarestorage.com/mirai' \
>   -H 'Accept: */*' \
>   -H 'Accept-Language: en-US,en;q=0.9' \
>   -H 'Cache-Control: no-cache' \
>   -H 'Connection: keep-alive' \
>   -H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryVcEni9wxldmoKAeB' \
>   -H 'Origin: http://localhost:3000' \
>   -H 'Pragma: no-cache' \
>   -H 'Referer: http://localhost:3000/' \
>   -H 'Sec-Fetch-Dest: empty' \
>   -H 'Sec-Fetch-Mode: cors' \
>   -H 'Sec-Fetch-Site: cross-site' \
>   -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36' \
>   -H 'sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"' \
>   -H 'sec-ch-ua-mobile: ?0' \
>   -H 'sec-ch-ua-platform: "Windows"' \
>   --data-raw $'------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="bucket"\r\n\r\nmirai\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="X-Amz-Algorithm"\r\n\r\nAWS4-HMAC-SHA256\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="X-Amz-Credential"\r\n\r\n48b5c6eefee99d28dbfc64d0844153be/20230201/auto/s3/aws4_request\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="X-Amz-Date"\r\n\r\n20230201T235252Z\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="key"\r\n\r\nuploads/84791f60f10dd90181734c80e2833713\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="Policy"\r\n\r\neyJleHBpcmF0aW9uIjoiMjAyMy0wMi0wMlQwMDowMjo1MloiLCJjb25kaXRpb25zIjpbWyJjb250ZW50LWxlbmd0aC1yYW5nZSIsNjQsMjYyMTQ0MDBdLFsic3RhcnRzLXdpdGgiLCIkQ29udGVudC1UeXBlIiwiaW1hZ2UvIl0seyJidWNrZXQiOiJtaXJhaSJ9LHsiWC1BbXotQWxnb3JpdGhtIjoiQVdTNC1ITUFDLVNIQTI1NiJ9LHsiWC1BbXotQ3JlZGVudGlhbCI6IjQ4YjVjNmVlZmVlOTlkMjhkYmZjNjRkMDg0NDE1M2JlLzIwMjMwMjAxL2F1dG8vczMvYXdzNF9yZXF1ZXN0In0seyJYLUFtei1EYXRlIjoiMjAyMzAyMDFUMjM1MjUyWiJ9LHsia2V5IjoidXBsb2Fkcy84NDc5MWY2MGYxMGRkOTAxODE3MzRjODBlMjgzMzcxMyJ9XX0=\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="X-Amz-Signature"\r\n\r\n------------------REDACTED----------------------\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB\r\nContent-Disposition: form-data; name="file"; filename="Screenshot 2022-12-06 144019.png"\r\nContent-Type: image/png\r\n\r\n\u0089PNG\r\n\u0000IEND®B`\u0082\r\n------WebKitFormBoundaryVcEni9wxldmoKAeB--\r\n' \
>   --compressed -vvv
*   Trying 104.18.9.90:443...
* TCP_NODELAY set
* Connected to c4388f020988b687c238667322195b29.r2.cloudflarestorage.com (104.18.9.90) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=r2.cloudflarestorage.com
*  start date: Jan 31 00:00:00 2023 GMT
*  expire date: Apr 30 23:59:59 2023 GMT
*  subjectAltName: host "c4388f020988b687c238667322195b29.r2.cloudflarestorage.com" matched cert's "c4388f020988b687c238667322195b29.r2.cloudflarestorage.com"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
> POST /mirai HTTP/1.1
> Host: c4388f020988b687c238667322195b29.r2.cloudflarestorage.com
> Accept-Encoding: deflate, gzip, br
> Accept: */*
> Accept-Language: en-US,en;q=0.9
> Cache-Control: no-cache
> Connection: keep-alive
> Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryVcEni9wxldmoKAeB
> Origin: http://localhost:3000
> Pragma: no-cache
> Referer: http://localhost:3000/
> Sec-Fetch-Dest: empty
> Sec-Fetch-Mode: cors
> Sec-Fetch-Site: cross-site
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
> sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"
> sec-ch-ua-mobile: ?0
> sec-ch-ua-platform: "Windows"
> Content-Length: 1531
> Expect: 100-continue
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad Request
< Date: Wed, 01 Feb 2023 23:53:24 GMT
< Content-Type: application/xml
< Content-Length: 131
< Connection: keep-alive
< Vary: Accept-Encoding
< Server: cloudflare
< CF-RAY: 792e9b35784727fe-SEA
<
* Connection #0 to host c4388f020988b687c238667322195b29.r2.cloudflarestorage.com left intact
<?xml version="1.0" encoding="UTF-8"?><Error><Code>InvalidArgument</Code><Message>Invalid Argument: Authorization</Message></Error>
*   Trying 104.18.9.90:443...
* TCP_NODELAY set
* Connected to c4388f020988b687c238667322195b29.r2.cloudflarestorage.com (104.18.9.90) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=r2.cloudflarestorage.com
*  start date: Jan 31 00:00:00 2023 GMT
*  expire date: Apr 30 23:59:59 2023 GMT
*  subjectAltName: host "c4388f020988b687c238667322195b29.r2.cloudflarestorage.com" matched cert's "c4388f020988b687c238667322195b29.r2.cloudflarestorage.com"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
> POST /mirai HTTP/1.1
> Host: c4388f020988b687c238667322195b29.r2.cloudflarestorage.com
> Accept-Encoding: deflate, gzip, br
> Accept: */*
> Accept-Language: en-US,en;q=0.9
> Cache-Control: no-cache
> Connection: keep-alive
> Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryVcEni9wxldmoKAeB
> Origin: http://localhost:3000
> Pragma: no-cache
> Referer: http://localhost:3000/
> Sec-Fetch-Dest: empty
> Sec-Fetch-Mode: cors
> Sec-Fetch-Site: cross-site
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
> sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"
> sec-ch-ua-mobile: ?0
> sec-ch-ua-platform: "Windows"
> Content-Length: 1531
> Expect: 100-continue
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad Request
< Date: Wed, 01 Feb 2023 23:53:24 GMT
< Content-Type: application/xml
< Content-Length: 131
< Connection: keep-alive
< Vary: Accept-Encoding
< Server: cloudflare
< CF-RAY: 792e9b35784727fe-SEA
<
* Connection #0 to host c4388f020988b687c238667322195b29.r2.cloudflarestorage.com left intact
<?xml version="1.0" encoding="UTF-8"?><Error><Code>InvalidArgument</Code><Message>Invalid Argument: Authorization</Message></Error>
kian
kian2y ago
Presigned POST isn’t supported You’ll need to use normal PutObject
Fugi
Fugi2y ago
Ah thank you! That's unfortunate since presigned PUTs don't allow restricting upload sizes or types. Hopefully that can come in the future. For now it'd be nice if the documentation called that out, I didn't see any warnings on either the S3 compatability page nor the Presigned URLs page
kian
kian2y ago
You can presign the Content-???? headers - but only with the exact values, so it’s not the best
Want results from more Discord servers?
Add your server
More Posts
You can disable AAAA records for yourYou can disable AAAA records for your entire zone by modifying the IPv6 Compatibility Setting via thAutomatic deployments not working, cannot deploy any changes.Nothing else appears to be out of the ordinary except for the lack of workflow activity on the repo,Delete requests cause 400 without reaching workerWhen using a DELETE request, I am getting 400 responses and the worker is not handling the request. Pages with IPv4 Only (DNS?)I'm trying to run a page that retrieves the user's IPv4 address. It specifically needs to be v4. I'mi m not sure why they aren t the GitHubi'm not sure why they aren't. the GitHub release looks fine - https://github.com/cloudflare/terraforDurable objects would be ok forDurable objects would be ok for matchmaking at a small scale but at larger scale durable objects wilBecause as Kian mentioned the SPA doesBecause as Kian mentioned the SPA does not have a server so the cors approach would never really worTransform Rule Modify Request Header Variable Api RequestI am trying to fetch a variable from a modify request header I created, the url I am using is `httpsI m running into an `AuthenticationI'm running into an `Authentication error [code: 10000]` error when executing `wrangler dev` @ `2.8.Prisma in module workerAnyone have an example of using '@Prisma/client/edge' in a cloudflare module worker? I am getting: