R2 Presigned URL : No upload limit ???!!!
Hey everyone,
I'm using presigned URLs to allow users to upload files directly to my R2 bucket, and I noticed that AWS S3 allows setting a content-length-range condition to restrict file size. However, I couldn't find any way to enforce a max file size limit in R2's presigned URLs.
Does this mean that anyone with the URL could upload huge files (even terabytes) to my bucket????!!! If so, what's the best way to prevent this? Any official way to enforce size limits at the R2 level?
Thanks!
2 Replies
The "presigned" part of presigned urls means that a signature of the URL is generated, and any change in the url will be detected.
You can find more information about presigned keys on cloudflare's documentation: https://developers.cloudflare.com/r2/api/s3/presigned-urls/
Cloudflare Docs
Presigned URLs · Cloudflare R2 docs
Presigned URLs are an S3 concept for sharing direct access to your bucket without revealing your token secret. A presigned URL authorizes anyone with the URL to perform an action to the S3 compatibility endpoint for an R2 bucket. By default, the S3 endpoint requires an AUTHORIZATION header signed by your token. Every presigned URL has S3 paramet...
from what I can tell, presigned urls on r2 are meant to be the same as on s3, so I believe they should support the same restrictions aws's pre-signed urls would. But this would be something you should test before deploying