CD
Cloudflare Developersβ€’6mo ago
dave

just change the method to `PUT` and it'

just change the method to PUT and it'll work. You'll likely want to add If-Unmodified-Since to ensure write-once only. The rest is optional, though I would really encourage all of the headers here for various reasons. πŸ™‚ 
const signed_url = await aws_client.sign(
        new Request(url, {
          method: "PUT",
        }),
        {
          aws: { signQuery: true, allHeaders: true },
          headers: {
            "If-Unmodified-Since": new Date(0).toUTCString(),
            "Origin": "http://localhost:3000"
            "Content-Type": "image/jpeg",
            "Content-Disposition": "attachment",
            "Cache-Control": "private, max-age=0, stale-if-error=31536000",
          },
        }
      );
const signed_url = await aws_client.sign(
        new Request(url, {
          method: "PUT",
        }),
        {
          aws: { signQuery: true, allHeaders: true },
          headers: {
            "If-Unmodified-Since": new Date(0).toUTCString(),
            "Origin": "http://localhost:3000"
            "Content-Type": "image/jpeg",
            "Content-Disposition": "attachment",
            "Cache-Control": "private, max-age=0, stale-if-error=31536000",
          },
        }
      );
https://discord.com/channels/595317990191398933/940663374377783388/1201234427590746234
8 Replies
Venkat Dinavahi
Venkat Dinavahiβ€’6mo ago
Thanks a lot! So that's using aws4fetch right? And on the client-side an XMLHttpRequest would work right? Anything special that I would need to do on the client-side? Like does it need to set those headers again or are those already preset from the signed url?
dave
daveβ€’6mo ago
So that's using aws4fetch right?
Correct, but you could use the r2 bindings if you want
And on the client-side an XMLHttpRequest would work right?
yes
Venkat Dinavahi
Venkat Dinavahiβ€’6mo ago
Ah I might have misunderstood the docs. We have the R2 bindings setup but I didn't know there's a function to get a signed url The preferred way is through the r2 bindings but there's file size upload limits I want to work around. Some of our customer upload files that are 800mb or even more in size
dave
daveβ€’6mo ago
Anything special that I would need to do on the client-side? Like does it need to set those headers again or are those already preset from the signed url?
The client side will need to set those headers If-Unmodified-Since, Content-Type, Content-Disposition, and Cache-Control manually when doing the request. You'll want to set the mode of the fetch to be cors so that the Origin header is set automatically
Venkat Dinavahi
Venkat Dinavahiβ€’6mo ago
Oh maybe that's where my mistake is. I had assumed that if headers are set on the pre-signed url, the client doesn't need to send those again. But thinking about it now, it makes sense. It's kind of like a security check? Like headers A, B, C must match the values the pre-signed URL has set.
dave
daveβ€’6mo ago
exactly. signing the origin is a really good trick to prevent abuse.
Venkat Dinavahi
Venkat Dinavahiβ€’6mo ago
Ok this has to be it. I need to set the client headers to match the pre-signed url. Thanks! I do wish Cloudflare provided more plug-n-play examples. There are too many deatils open to interpretation in the docs!
dave
daveβ€’6mo ago
AWS4-HMAC-SHA256 is quite interesting πŸ™‚ not the best security protocol (as it requires storing the secret key in plaintext, no way to hash it), but it's very flexible. you can sign any header you want most libraries don't support creating presigned URLs with more than the "normal" headers signed, but thankfully aws4fetch does!
Want results from more Discord servers?
Add your server
More Posts
RDP via Cloudflared Tunnel is Slow.I am trying to setup Cludflared Tunnel for secure rdp access to a server hosted in Azure. I am usi❌ [ERROR] Error in ProxyController: Error inside ProxyWorker```ts ✘ [ERROR] Error in ProxyController: Error inside ProxyWorker { name: 'Error', messI run a Mybb that allows image uploads getting server 0 error when I try to do a upload need help??I run a Mybb forum that allows image uploads images max size 20mb gifs 85mb I am using the free CoulI need a small help in project i.e.., A user can install there subdomain path form main domainI'm working on a small project i.e.., A user can install there subdomain path form main domain exDeployment failure logsI'm getting failed deployments in the Cloudflare dashboard, despite my GitHub action deployment succCreate Custom Hostname response does not match the documentationWhen sending a post request to the create endpoint it seems like the validation cert is not being resmart placement with R2Hey all, question. From the behavior I'm seeing, smart placement does not count requests to R2 as "sRpi4 server saying bad gateway/argo tunnel failif i dont reset/reboot it every like 2 days, then it saids that. i did get these logs Jan 31 18:01:2Can I stop the verifying your identity page from happeneing?Is it true that registering your domain with cloudflare will get rid of the verifing your identity pServer Side Rendering of templates Cloudflare Pages without β€˜node:fs’Hi guys, I am trying to get a templating setup, using Mustache. Mustache however to render files on