我有一个运行良好的 S3 Fine Uploader 实现。默认情况下,它可以正常上传文件,但它们是私有(private)的。根据 FineUploader 的文档,我将 objectProperties 选项添加到我的客户端 js 配置中,以便 FineUploader 公开文件:
objectProperties: {
acl: "public-read"
},
但是,我现在在上传期间收到来自 s3 的拒绝访问响应:
<Error><Code>AccessDenied</Code><Message>Access Denied</Message>
<RequestId>(removed)</RequestId>
<HostId>(removed)</HostId>
</Error>
如果有帮助,这是我的 CORS 存储桶策略:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<ExposeHeader>ETag</ExposeHeader>
<AllowedHeader>content-type</AllowedHeader>
<AllowedHeader>origin</AllowedHeader>
<AllowedHeader>x-amz-acl</AllowedHeader>
<AllowedHeader>x-amz-meta-qqfilename</AllowedHeader>
<AllowedHeader>x-amz-date</AllowedHeader>
<AllowedHeader>authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
这是请求的原始 HTTP 转储:
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Connection:keep-alive
Content-Length:39643
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryR70e49pqaNEGSsT1
Host:quickfunnel.s3.amazonaws.com
Origin:http://mysite.local
Referer:http://mysite.local/dashboard/
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Request Payload
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="key"
d50e0c4f-1886-48bb-b077-075fca79b6dc.JPG
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="AWSAccessKeyId"
ACCESS-KEY-REMOVED
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="Content-Type"
image/jpeg
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="success_action_status"
200
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="acl"
public-read
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="x-amz-meta-qfclientid"
1
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="x-amz-meta-qqfilename"
Capture.JPG
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="policy"
eyJleHBpcmF0aW9uIjoiMjAxNC0wMS0wMlQyMzo0MzoxMC4wNDVaIiwiY29uZGl0aW9ucyI6W3siYWNsIjoicHVibGljLXJlYWQifSx7ImJ1Y2tldCI6InF1aWNrZnVubmVsIn0seyJDb250ZW50LVR5cGUiOiJpbWFnZS9qcGVnIn0seyJzdWNjZXNzX2FjdGlvbl9zdGF0dXMiOiIyMDAifSx7ImtleSI6ImQ1MGUwYzRmLTE4ODYtNDhiYi1iMDc3LTA3NWZjYTc5YjZkYy5KUEcifSx7IngtYW16LW1ldGEtcWZjbGllbnRpZCI6IjEifSx7IngtYW16LW1ldGEtcXFmaWxlbmFtZSI6IkNhcHR1cmUuSlBHIn0sWyJjb250ZW50LWxlbmd0aC1yYW5nZSIsIjAiLCIxNTAwMDAwMCJdXX0=
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="signature"
K7FC4Toe/xmr0SKGOTy6NG+morw=
------WebKitFormBoundaryR70e49pqaNEGSsT1
Content-Disposition: form-data; name="file"; filename="Capture.JPG"
Content-Type: image/jpeg
------WebKitFormBoundaryR70e49pqaNEGSsT1--
最佳答案
很可能,您没有正确配置您的客户端 IAM 组。为了偏离“private”的默认 ACL,与请求关联的 IAM 组必须能够执行该“s3:PutObjectAcl”操作。您需要确保与您的客户端 key 关联的 IAM 组具有此权限。
关于amazon-s3 - FineUploader : S3 Access Denied Response when Canned ACL value is changed,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20894339/