Issues with R2 signed URLs (403 Forbidden)

I made a new R2 bucket with CORS allowing all origins to GET and PUT. Additionally, I have the R2 API key allowing all IPs to Read & Write. When I generate the Signed URL using the V3 JS AWS API, I set it to last 60 seconds. Despite all of this, I keep getting 403: Forbidden errors when trying to PUT any sort of files to the Signed URL.
No description
7 Replies
harshil1712
harshil17123mo ago
Can you share the CORS policy you have set? I usually start with something like this: https://github.com/harshil1712/nextjs-r2-demo/blob/main/cors.json and scope it down.
GitHub
nextjs-r2-demo/cors.json at main · harshil1712/nextjs-r2-demo
Upload images to Cloudflare R2 via the Workers API, Pre-signed URL, or Temporary Credentials - harshil1712/nextjs-r2-demo
x03
x033mo ago
This is my CORS policy:
[
{
"AllowedOrigins": [
"*"
],
"AllowedMethods": [
"GET"
],
"AllowedHeaders": [
"*"
]
},
{
"AllowedOrigins": [
"https://***.com",
"https://***.dev",
"http://localhost:5173"
],
"AllowedMethods": [
"PUT"
],
"AllowedHeaders": [
"*"
]
}
]
[
{
"AllowedOrigins": [
"*"
],
"AllowedMethods": [
"GET"
],
"AllowedHeaders": [
"*"
]
},
{
"AllowedOrigins": [
"https://***.com",
"https://***.dev",
"http://localhost:5173"
],
"AllowedMethods": [
"PUT"
],
"AllowedHeaders": [
"*"
]
}
]
But I've also tried replacing "AllowedOrigins" with "*" for put, and it had the same effect Also I just tried the cors config you linked (with the port replaced) and it still throws a "403: Forbidden" error
harshil1712
harshil17123mo ago
My bad, I just saw that it is a 403 error. Can you verify that you are using the correct credentials?
x03
x033mo ago
Yeah I am, because forming the signed URL also uses credentials and it works just fine
Chaika
Chaika3mo ago
signing is an offline operation, you can pass anything into it and it'd spit out anything it's only when the presigned is used are the credentials used to sign it verified, would check the api token didn't expire/has proper scope/etc
x03
x033mo ago
Ah I see Let me screenshot my credential parameters Oh wow, I have no idea why but when going to my R2 token and clicking edit, it only had "Read Object" access and also had an expiry date. I'm 100% positive that I made it Read & Write and set it to never expire. I made the token last night. Switching the token back to "Read & Write" fixed everything. The weird thing is, I had the token with R&W perms yesterday, but it still threw 403s. Did Cloudflare have some R2 related issues yesterday?
Want results from more Discord servers?
Add your server