I am working with Amazon S3 on a HTML5 CORS file uploader. It's working well, but I have still a very strange thing which is happening.
Before the PUT request to send the file, the browser always sends an OPTIONS request, which fails with a 403 FORBIDDEN error code.
But the file is correctly transferred to S3 so what's happening ?
I tried to solve my problem by enabling all the HTTP methods, but it hasn't worked.
Here are the headers I am using for the PUT request:
AWSAccessKeyId:XXXXXXXXXXXXXXXXXXXXXX
Expires:1347882643
Signature:YYYYYYYYYYYYYYYYYYYYY
And some code stuff :
var xhr = new XMLHttpRequest();
// bind the event listener
xhr.upload.addEventListener("progress", progress_listener, false);
// open the XMLHttpRequest
xhr.open('PUT', signed_url, true);
// when the upload is pleted call the callback function if supplied
xhr.onload = function(e) {
if(typeof callback == "function") {
callback(this.status == 200, file.name, file_id);
confirm_upload_success(file_id);
}
};
// start sending
xhr.send(file);
I am working with Amazon S3 on a HTML5 CORS file uploader. It's working well, but I have still a very strange thing which is happening.
Before the PUT request to send the file, the browser always sends an OPTIONS request, which fails with a 403 FORBIDDEN error code.
But the file is correctly transferred to S3 so what's happening ?
I tried to solve my problem by enabling all the HTTP methods, but it hasn't worked.
Here are the headers I am using for the PUT request:
AWSAccessKeyId:XXXXXXXXXXXXXXXXXXXXXX
Expires:1347882643
Signature:YYYYYYYYYYYYYYYYYYYYY
And some code stuff :
var xhr = new XMLHttpRequest();
// bind the event listener
xhr.upload.addEventListener("progress", progress_listener, false);
// open the XMLHttpRequest
xhr.open('PUT', signed_url, true);
// when the upload is pleted call the callback function if supplied
xhr.onload = function(e) {
if(typeof callback == "function") {
callback(this.status == 200, file.name, file_id);
confirm_upload_success(file_id);
}
};
// start sending
xhr.send(file);
- 1 Did you setup CORS correctly? docs.amazonwebservices./AmazonS3/latest/dev/cors.html – Evert Commented Sep 17, 2012 at 12:18
- Of course, but Amazon S3 doesn't allow you to put OPTIONS in the allowed HTTP methods – Olivier Kaisin Commented Sep 17, 2012 at 12:26
1 Answer
Reset to default 4EDIT: This bug has been fixed by Amazon :-)
Carl@AWS / Sep 28, 2012 2:56 PM:
All,
This bug should now be fixed and using pre-signed url's with CORS will succeed.
Thanks,
The problem you describe is an Amazon bug: It turns out that S3 is currently authenticating the OPTION call that is made in "preflight" for CORS and that fails (probably because the auth has been signed with for a PUT request not an OPTION request).
It's already on their radar as you can see here: CORS works with public data, but fails to work with pre-signed request
Carl@AWS / Sep 5, 2012 1:00 PM:
Thank you, and everybody else, for the report. You are correct that pre-signed requests returning an error on the initial OPTIONS request. We are working on this issue and expect to add this support shortly. I don't have a timeline for the availability of the change but I will update this thread with more information when I have that. If you have any follow up questions let me know.
So just ignore it and they'll fix it.