Works fine on localhost but not on the Server. All the URL s returned are already expired.
<Error>
<Code>AccessDenied</Code>
<Message>Request has expired</Message>
<Expires>2016-04-26T09:44:22Z</Expires><ServerTime>2016-04-26T11:34:36Z</ServerTime><RequestId>33AF4E321F37ADA6</RequestId><HostId>+AXA3itXG9aKlt+EQkYxTHJCsxkEkymj+o2COPYo4+v26Vaxx17j/agh+hCq5NoHNzvJp2GI8Y=</HostId>
</Error>
On localhost, URL s generated for the same object differs in expires parameter but not on the Server. Same URL is returned for the same object on Server(expires param is same everytime).
Server is Amazon EC2. Credentials are saved in /.aws/credentials file on both localhost and the Server
Code from Model
var AWS = require('aws-sdk');
var s3 = new AWS.S3();
exports.download = function (req, res) {
var fileName = req.params.name;
var key = req.user._id + '/' + fileName;
var params = { Bucket: 'myBucket', Key: key };
s3.getSignedUrl('getObject', params, function (err, url) {
if (err) {
console.log('Getting Signed URL', err);
res.send(err);
} else {
console.log('Getting Signed URL', url);
res.send(url);
}
});
};
Edited CORS Configuration on S3
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Works fine on localhost but not on the Server. All the URL s returned are already expired.
<Error>
<Code>AccessDenied</Code>
<Message>Request has expired</Message>
<Expires>2016-04-26T09:44:22Z</Expires><ServerTime>2016-04-26T11:34:36Z</ServerTime><RequestId>33AF4E321F37ADA6</RequestId><HostId>+AXA3itXG9aKlt+EQkYxTHJCsxkEkymj+o2COPYo4+v26Vaxx17j/agh+hCq5NoHNzvJp2GI8Y=</HostId>
</Error>
On localhost, URL s generated for the same object differs in expires parameter but not on the Server. Same URL is returned for the same object on Server(expires param is same everytime).
Server is Amazon EC2. Credentials are saved in /.aws/credentials file on both localhost and the Server
Code from Model
var AWS = require('aws-sdk');
var s3 = new AWS.S3();
exports.download = function (req, res) {
var fileName = req.params.name;
var key = req.user._id + '/' + fileName;
var params = { Bucket: 'myBucket', Key: key };
s3.getSignedUrl('getObject', params, function (err, url) {
if (err) {
console.log('Getting Signed URL', err);
res.send(err);
} else {
console.log('Getting Signed URL', url);
res.send(url);
}
});
};
Edited CORS Configuration on S3
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws./doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
-
The documentation says that it will default to a validity period of 15 minutes, so that result is strange. Have you tried passing an
Expiresvalue? See: getSignedUrl() documentation – John Rotenstein Commented May 9, 2016 at 8:57 -
I passed the
Expiresvalue. Same result. – katu Commented May 9, 2016 at 9:23 - Can you extract the expiration time from the resulting URL to check its value? (It would be in UTC.) – John Rotenstein Commented May 9, 2016 at 9:25
-
File was just uploaded. Result of URL in browser.
<Error><Code>AccessDenied</Code><Message>Request has expired</Message><Expires>2016-05-09T09:27:53Z</Expires><ServerTime>2016-05-09T09:28:58Z</ServerTime><RequestId>35CA4C50C6F689E3</RequestId><HostId>/OswGs5Ixdpx5+ngNyBLwgnm1PWGqm4MhcfSNHHGLWEDLDg1I+FVcOHPfcvGEwvVTt1RIIK870M=</HostId></Error>– katu Commented May 9, 2016 at 9:30 - How about the actual Signed URL? Can you see the expiry time in the URL that is sent to S3? – John Rotenstein Commented May 9, 2016 at 9:38
3 Answers
Reset to default 1...
// here you need to provide signed URL expiration time as the 3rd parameter
var params = { Bucket: 'myBucket', Key: key , Expires: <expire time>};
s3.getSignedUrl('getObject', params, function (err, url) {
...
Will probably not apply to this specific question, but I'm adding this in case anyone runs into this question like I did while trying to solve my problem. I had the same issue of expired signed URLs because I'm using WSL2 + Docker in my dev environment, and after putting my laptop to sleep the clock got messed up. The "fix" was to restart WSL2. There are other options but I didn't get the chance to test them. There are some extra details in this issue
When you generate file link you will have something like
https://bucket.s3.amazonaws./image2.png?SOME_INFO&X-Amz-Expires=900&SOME_INFO
You need X-Amz-Expires=900. This parameter means count of secont when your SignedUrl will expire.
To increse time, you an use some example
const aws = require('aws-sdk');
const s3 = new aws.S3({
signatureVersion: 'v4',
region: 's3-region'
});
const s3FileObject = {
Bucket: 'your-bucket-name',
Key: 'file-name.jpg',
Expires: 60 * 60 // Seconds count
};
const url = s3.getSignedUrl('getObject', s3FileObject);
console.log(url);