Can you lock a presigned url to a key without creating a new ACL? #319

Closed
bertabus-zz opened this issue Jul 18, 2015 · 2 comments

@bertabus-zz

Currently I am creating a presigned URL using the following code:

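```go
import (
	"time"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/credentials"
	"github.com/aws/aws-sdk-go/service/s3"
)

// GenSignedURL returns a presigned URL for the given object key.
// AppEngProvider is not an SDK type; it must be defined elsewhere in the package.
func GenSignedURL(key string) (string, error) {
	svc := s3.New(&aws.Config{
		Credentials: credentials.NewChainCredentials(
			[]credentials.Provider{
				&AppEngProvider{},
				&credentials.EnvProvider{},
			}),
		Endpoint:   "",
		Region:     "us-west-2",
		DisableSSL: false,
		LogLevel:   0,
	})

	// Build (but do not send) a GetObject request for the key.
	req, _ := svc.GetObjectRequest(&s3.GetObjectInput{
		Bucket: aws.String("myBucket"),
		Key:    aws.String(key),
	})

	// Presign the request; the resulting URL is valid for 300 seconds.
	URL, err := req.Presign(300 * time.Second)
	if err != nil {
		return "", err
	}
	return URL, nil
}
```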

I can then test the upload using curl with the presigned URL. The problem I encounter is that I can change the key-specific part of the URL and upload to any directory or file I want. Is this the expected behavior? Is the key intended only for convenience in generating the URL?

@lsegal

lsegal commented Jul 18, 2015

@bertabus are your other objects in the bucket by any chance marked as public-read or have some other ACL that would make them accessible without a presigned URL? That's what I'm thinking is happening. Presigned URLs should be signed for a specific key, since the signature contains the path portion of the request.

@bertabus-zz

@lsegal right you are. My permissions were wide open. I locked them down and couldn't upload anything at all. I was following a snippet I had found in the comments to issue #26 that suggested something similar to the code above. I have since noticed that there is a "PutObjectRequest" and "PutObjectInput". I updated my code and everything works exactly as I was expecting. Thanks.
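
Added example, not from the thread or the SDK: a minimal Signature Version 4 query-signature calculation showing why a presigned URL is bound to one key and one HTTP method, which is the point made in both replies above. The secret, access key ID, timestamp and object paths are constructed, and `Sign` and `Accepts` are hypothetical helper names.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/url"
	"strings"
)

// Constructed sample values; not real credentials or a real bucket.
const (
	secretKey = "constructed-secret-for-illustration"
	stamp     = "20150718T000000Z"
	scope     = "20150718/us-west-2/s3/aws4_request"
)

func mac(key []byte, msg string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return h.Sum(nil)
}

// Sign computes the query signature; method and path (assumed already
// URI-encoded) are both part of the canonical request that gets hashed.
func Sign(method, path string) string {
	query := "X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=" +
		url.QueryEscape("AKIDEXAMPLE/"+scope) + "&X-Amz-Date=" + stamp +
		"&X-Amz-Expires=300&X-Amz-SignedHeaders=host"
	canonical := method + "\n" + path + "\n" + query + "\nhost:s3-us-west-2.amazonaws.com\n\nhost\nUNSIGNED-PAYLOAD"
	digest := sha256.Sum256([]byte(canonical))
	toSign := "AWS4-HMAC-SHA256\n" + stamp + "\n" + scope + "\n" + hex.EncodeToString(digest[:])
	key := []byte("AWS4" + secretKey)
	for _, part := range strings.Split(scope, "/") {
		key = mac(key, part) // date, region, service, "aws4_request"
	}
	return hex.EncodeToString(mac(key, toSign))
}

// Accepts models the service-side check: recompute from the request as received.
func Accepts(method, path, sig string) bool {
	return hmac.Equal([]byte(Sign(method, path)), []byte(sig))
}

func main() {
	sig := Sign("PUT", "/myBucket/uploads/report.txt")
	fmt.Println(Accepts("PUT", "/myBucket/uploads/report.txt", sig), Accepts("PUT", "/myBucket/uploads/other.txt", sig))
}
```

A request to an edited key that still succeeds therefore points at bucket or object permissions that allow it without any signature, not at the presigned URL.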

skotambkar pushed a commit to skotambkar/aws-sdk-go that referenced this issue May 20, 2021
Fixes the JSON unmarshaling of maps of bools. The unmarshal case was
missing the condition for bool value, in addition the bool pointer.

Fix aws#319
skotambkar pushed a commit to skotambkar/aws-sdk-go that referenced this issue May 20, 2021
Services
===
* Synced the V2 SDK with latest AWS service API definitions.
* Fixes [aws#341](aws/aws-sdk-go-v2#341)
* Fixes [aws#342](aws/aws-sdk-go-v2#342)

SDK Breaking Changes
===
* `aws`: Add default HTTP client instead of http.DefaultClient/Transport ([aws#315](aws/aws-sdk-go-v2#315))
  * Adds a new BuildableHTTPClient type to the SDK's aws package. The type uses the builder pattern with immutable changes. Modifications to the buildable client create copies of the client.  Adds a HTTPClient interface to the aws package that the SDK will use as an abstraction over the specific HTTP client implementation. The SDK will default to the BuildableHTTPClient, but a *http.Client can be also provided for custom configuration.  When the SDK's aws.Config.HTTPClient value is a BuildableHTTPClient the SDK will be able to use API client specific request timeout options.
  * Fixes [aws#279](aws/aws-sdk-go-v2#279)
  * Fixes [aws#269](aws/aws-sdk-go-v2#269)

SDK Enhancements
===
* `service/s3/s3manager`: Update S3 Upload Multipart location ([aws#324](aws/aws-sdk-go-v2#324))
  * Updates the Location returned value of S3 Upload's Multipart UploadOutput type to be consistent with single part upload URL. This update also brings the multipart upload Location inline with the S3 object URLs created by the SDK.
  * Fixes [aws#323](aws/aws-sdk-go-v2#323)
  * V2 Port [aws#2453](aws#2453)

SDK Bugs
===
* `private/model`: Handles empty map vs unset map behavior in send request ([aws#337](aws/aws-sdk-go-v2#337))
  * Updated shape marshal model to handle the empty map vs nil map behavior. Adding a test case to assert behavior when a user sends an empty map vs nil map.
  * Fix [aws#332](aws/aws-sdk-go-v2#332)
* `service/rds`: Fix presign URL for same region ([aws#331](aws/aws-sdk-go-v2#331))
  * Fixes RDS no-autopresign URL for same region issue for aws-sdk-go-v2. Solves the issue by making sure that the presigned URLs are not created, when the source and destination regions are the same. Added and updated the tests accordingly.
  * Fix [aws#271](aws/aws-sdk-go-v2#271)
* `private/protocola/json/jsonutil`: Fix Unmarshal map[string]bool ([aws#320](aws/aws-sdk-go-v2#320))
  * Fixes the JSON unmarshaling of maps of bools. The unmarshal case was missing the condition for bool value, in addition the bool pointer.
  * Fix [aws#319](aws/aws-sdk-go-v2#319)