I am trying to make a PutObject presigned request using the AWS S3 PHP SDK.

I have gotten the request to work but now I only want to allow my users to be able to only upload video files. I have tried a lot of combinations and searched a lot but I could not get it to work.

Here is the sample code I use:

    $cmd = $this->s3client->getCommand('PutObject', [
        'Bucket' => 'myBucket',
        'Key' => 'inputs/' . $movie->getId(),
        'ACL' => 'private',
        'Conditions' => ['Starts-With', '$Content-Type', 'video/'], // I have tried other combinations but it seems to not work
    ]);

    $request = $this->s3client->createPresignedRequest($cmd, '+30 minutes');

    $movie->setSignedUrl((string)$request->getUri());

The signed URL generated never includes the Content-Type in the X-Amz-SignedHeaders query parameter, only the host is included.

Raress96
  • Have you tried taking a look at this example? https://stackoverflow.com/questions/11621863/setting-content-type-for-mp4-files-on-s3 – Woodrow Apr 02 '18 at 14:30

1 Answer

The putObject() request has no documented Conditions key.

You appear to be confusing S3's PUT upload interface with the pre-signed POST capability, which supports policy document conditions like ['Starts-With', '$Content-Type', 'video/'].

PUT does not support "starts with". It requires the exact Content-Type and the key for this (which should result in the header appearing in the X-Amz-SignedHeaders query string parameter) is simply ContentType. It goes in the outer parameters array, just like Bucket and Key.

But if you want to support multiple content types without knowing the specific type in advance, you need to use POST uploads.

Michael - sqlbot
  • Yes, I was confusing the two. However, I have also tried using the ContentType key but it seems to be ignored. I have submitted an issue on the GitHub repo: https://github.com/aws/aws-sdk-php/issues/1521 – Raress96 Apr 04 '18 at 05:59
  • Re: your issue on GitHub, as mentioned above, the `PUT` API itself does not support restricting to Content-Type *patterns*, like `video/*`. It only supports the complete value, like `video/mp4`. I disagree with the architectural decision not to sign the header, as it seems to dumb down the code for the benefit of people who are using it incorrectly, but even if that worked as expected, it would not be useful for your purpose, for this reason. – Michael - sqlbot Apr 04 '18 at 10:10
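
The POST upload that the answer points to, sketched as an added example (not code from the question, the answer, or the SDK project). It assumes aws/aws-sdk-php is installed through Composer; `buildVideoUploadForm` is a hypothetical helper, and the region, movie id and credentials are constructed placeholders.

```php
<?php
require 'vendor/autoload.php';

use Aws\S3\PostObjectV4;
use Aws\S3\S3Client;

/**
 * Hypothetical helper: returns the form attributes and hidden inputs for a
 * browser POST upload whose policy only accepts a declared video/* type.
 */
function buildVideoUploadForm(S3Client $client, string $bucket, string $key): array
{
    // Fields pre-filled in the form; each one needs a matching policy condition.
    $formInputs = [
        'acl' => 'private',
        'key' => $key,
    ];

    // Policy conditions. They are signed into the form, and S3 rejects any
    // POST that violates one of them.
    $conditions = [
        ['acl' => 'private'],
        ['bucket' => $bucket],
        ['eq', '$key', $key],                        // pin the object key
        ['starts-with', '$Content-Type', 'video/'],  // the condition from the question
    ];

    $post = new PostObjectV4($client, $bucket, $formInputs, $conditions, '+30 minutes');

    return [
        'attributes' => $post->getFormAttributes(), // action URL, method, enctype
        'inputs'     => $post->getFormInputs(),     // key, acl, Policy, X-Amz-* fields
    ];
}

// Signing happens locally, so this runs without contacting S3.
$client = new S3Client([
    'version'     => 'latest',
    'region'      => 'us-east-1', // assumed region
    // Constructed placeholders; real code should rely on the default credential chain.
    'credentials' => ['key' => 'EXAMPLE_ACCESS_KEY_ID', 'secret' => 'EXAMPLE_SECRET_KEY'],
]);

$form = buildVideoUploadForm($client, 'myBucket', 'inputs/12345'); // 12345: constructed movie id
echo json_encode($form, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), PHP_EOL;
```

The uploading form sends every returned input plus its own `Content-Type` field (for example `video/mp4`), with the `file` field last. The condition is evaluated against that declared field only; S3 does not inspect the uploaded bytes, so anything that later processes the object should still validate it.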