I've been trying in vain for 2 days now to do a simple upload to my Amazon S3 Bucket. Below is my rendered form:
<form action="http://s3.amazonaws.com/MYBUCKETNAME" method="post" enctype="multipart/form-data">
<input type="hidden" name="AWSAccessKeyId" value="MYACCESSKEY" />
<input type="hidden" name="acl" value="private" />
<input type="hidden" name="key" value="UserUploads/TestUser/${filename}" />
<input type="hidden" name="success_action_redirect" value="http://WWW.MYURL.COM/" />
<input type="hidden" name="policy" value="POLICY" />
<input type="hidden" name="signature" value="SIGNATURE" />
<div>
Please specify a file, or a set of files:
<input type="file" name="file" size="100" />
</div>
<input type="submit" value="Upload" />
</form>
and my policy document looks like this:
{
expiration = "2011-12-08T12:00:00.000Z",
conditions = [
["eq","bucket","MYBUCKETNAME"],
["eq","acl","private"],
["starts-with","$key","UserUploads/TestUser/"],
["eq","success_action_redirect", "HTTP://WWW.MYURL.COM/"]
]
}
I get the following error:
Code: AccessDenied,
Message: Invalid according to Policy: Policy Condition failed: ["eq", "bucket", "MYBUCKETNAME"]
Does anyone have any ideas please? I'm grabbing at straws here. Also not sure if my Bucket Policy and ACL are correct.
According to http://doc.s3.amazonaws.com/proposals/post.html#Access_Control
Matching a Particular Value
Description: There are certain fields that you want to match a
particular value, such as matching a bucket name or requiring that an
object is uploaded using the public-read access control policy. The
field value is case sensitive, but the name is not.
Syntax: There are two ways to require that the field fieldname matches
the string value. The value is case sensitive. If the value starts
with a dollar sign ($), the dollar sign must be escaped with a
backslash (\$)
[ "eq", "$fieldname", "S" ],
(Note the $ prefix).
So your policy should have $ in sets where you are using the "eq" format.
Why not do this in C# with the S3 SDK (http://aws.amazon.com/sdkfornet/), it's a bit more secure.
Here's my blog post with more detail: http://bradoyler.com/post/3614362044/uploading-an-image-with-aws-sdk-for-net-c.
Cheers and Good luck.
I was getting the following error:
Invalid according to Policy: Policy Condition failed: [\"eq\", \"$bucket\"
After many hours, I learned that you can't have a bucket with uppercase letters. Changing the bucket to lowercase fixed it.
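An added example (not from the original posts or from AWS): a local pre-flight check in Node.js that applies the matching rules quoted above to a POST policy before it is encoded for the form's policy field. The bucket name, key and redirect URL are constructed placeholders, and `encodePolicy` and `failedConditions` are hypothetical helper names.

```javascript
// Policy as real JSON (":" separators), with "$"-prefixed field names in the array form.
// All values are constructed placeholders modelled on the question's form.
const policy = {
  expiration: "2011-12-08T12:00:00.000Z",
  conditions: [
    ["eq", "$bucket", "mybucketname"], // lowercase, as the last answer found necessary
    ["eq", "$acl", "private"],
    ["starts-with", "$key", "UserUploads/TestUser/"],
    ["eq", "$success_action_redirect", "http://WWW.MYURL.COM/"],
  ],
};

// The form's "policy" field carries the Base64 of the UTF-8 JSON text.
function encodePolicy(doc) {
  return Buffer.from(JSON.stringify(doc), "utf8").toString("base64");
}

// Return the conditions that are malformed or would not match the submitted fields.
// Field names are compared case-insensitively, values case-sensitively.
function failedConditions(doc, fields) {
  const lower = {};
  for (const [k, v] of Object.entries(fields)) lower[k.toLowerCase()] = v;
  return doc.conditions.filter((cond) => {
    if (!Array.isArray(cond)) {
      // Object form, e.g. {"acl": "private"}: exact match on each entry.
      return !Object.entries(cond).every(([k, v]) => lower[k.toLowerCase()] === v);
    }
    const [op, name, expected] = cond;
    if (typeof name !== "string" || !name.startsWith("$")) return true; // missing "$"
    const actual = lower[name.slice(1).toLowerCase()];
    if (actual === undefined) return true; // field not submitted
    if (op === "eq") return actual !== expected;
    if (op === "starts-with") return !actual.startsWith(expected);
    return true; // operators outside this sketch are flagged, not guessed at
  });
}

// Constructed form fields; the bucket is the one named in the POST URL.
const formFields = {
  bucket: "mybucketname",
  acl: "private",
  key: "UserUploads/TestUser/photo.jpg",
  success_action_redirect: "http://WWW.MYURL.COM/",
};

console.log(failedConditions(policy, formFields)); // conditions that still need fixing
console.log(encodePolicy(policy));
```

Run against the question's policy, this check flags the bare `bucket` name and also the redirect condition, whose `HTTP://` differs in case from the form's `http://`.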
I am new to Brightspace and have been fiddling with the remote plugins sample (logo). I can load the sample logo project, but cannot get it to insert into the page. I have uploaded the file but get a 404 error on submit. Can someone `
$( document ).ready(function() {
$('#submitFormButton').click( function() {
$.ajax({
url: "/getisfdetails",
data: {
image: $("input[name='image']:checked").val()
},
success: function(response){
$("input[name='lti_message_type']").val(response.lti_message_type);
$("input[name='lti_version']").val(response.lti_version);
$("input[name='content_items']").val(response.content_items);
$("input[name='oauth_version']").val(response.oauth_version);
$("input[name='oauth_nonce']").val(response.oauth_nonce);
$("input[name='oauth_timestamp']").val(response.oauth_timestamp);
$("input[name='oauth_consumer_key']").val(response.oauth_consumer_key);
$("input[name='oauth_callback']").val(response.oauth_callback);
$("input[name='oauth_signature_method']").val(response.oauth_signature_method);
$("input[name='oauth_signature']").val(response.oauth_signature);
$("#isfForm").prop('action', response.lti_return_url);
$("#isfForm").submit();
}
});
});
});
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="https://code.jquery.com/jquery-3.2.1.min.js"
integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4="
crossorigin="anonymous"></script>
<body>
<h3>Select an logo:</h3>
<input type="radio" name="image" value="brightspace-logo.png"> <img src="../content/isf/brightspace-logo.png" alt="Brightspace Logo"><br />
<input type="radio" name="image" value="d2l-logo.png"> <img src="../content/isf/d2l-logo.png" alt="D2L Logo"><br />
<div hidden>
<form id="isfForm" method="POST">
<input type="hidden" name="lti_message_type" />
<input type="hidden" name="lti_version" />
<input type="hidden" name="content_items" />
<input type="hidden" name="oauth_version" />
<input type="hidden" name="oauth_nonce" />
<input type="hidden" name="oauth_timestamp" />
<input type="hidden" name="oauth_consumer_key" />
<input type="hidden" name="oauth_callback" />
<input type="hidden" name="oauth_signature_method" />
<input type="hidden" name="oauth_signature" />
</form>
</div>
<br />
<button id="submitFormButton">Submit</button>
</body>
` How do you set this cookie in the JavaScript? I believe a cookie needs to be set, and I do not see how to set it. Or maybe I am missing something else that is not noted in the documentation.
I would highly recommend you consider using LTI Advantage/1.3 instead of Remote Plugins. LTI provides a standards-based integration approach & a better developer experience.
https://community.brightspace.com/s/article/LTI-Integration-Guide
If you are working with a partner of D2L please get in touch with the partner team and technical assistance is available. Your information here is appreciated but we are glad to examine the full context and use case as these errors are not hugely uncommon during dev. Otherwise, I echo Paul's suggestion, but I understand if it is not immediately possible.
partners#d2l.com or talk with your team that knows D2L!
Depending on which browser you are in, you might be seeing the recent effects of the third-party cookie blocking that the browsers are adopting. Because LTIs (both 1.1 and 1.3/Advantage) typically launch into an iframe, any access to those cookies is regarded as third party. This effectively means two things:
You need to be aware of the cookie access routines where a user action must be taken to request access to the browser storage API using document.requestStorageAccess().
You need to be marking your cookies appropriately with the new SameSite cookie directives.
Without these the browser will mark your cookie request as a 'Tracking cookie' and refuse to serve it along with the request or make it accessible via JavaScript.
An alternative is also to detect that the LTI launch is happening inside an iframe and to bust that iframe out to a new window, or alternatively configure the launch inside Brightspace to not use an iframe at all.
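An added example (not from the original posts or from D2L) of the two points in the answer above: a Set-Cookie value marked for cross-site iframe use, and a storage-access request made from a click handler. The cookie name `tool_session` and the helper names are hypothetical; `submitFormButton` is the button id from the question's page.

```javascript
// Server side: build a Set-Cookie value a browser can accept in a cross-site iframe.
// SameSite=None is only honoured together with Secure, so the tool must be served over HTTPS.
function buildSessionCookie(name, value, maxAgeSeconds) {
  if (/[;,\s]/.test(name) || /[;,\s]/.test(value)) {
    throw new Error("cookie name/value must not contain separators or whitespace");
  }
  return [
    `${name}=${value}`,
    "Path=/",
    `Max-Age=${maxAgeSeconds}`,
    "HttpOnly", // session cookie is not needed by page scripts
    "Secure",
    "SameSite=None",
  ].join("; ");
}

// Client side: true when the page is rendered inside a frame (an LTI launch in an iframe).
function isFramed(win) {
  return win.self !== win.top;
}

// Client side: resolves to true when cookies are usable, false when access was denied.
// Must be called from a user gesture such as a click.
async function ensureStorageAccess(doc) {
  if (typeof doc.requestStorageAccess !== "function") return true; // API absent: nothing to request
  if (await doc.hasStorageAccess()) return true;
  try {
    await doc.requestStorageAccess();
    return true;
  } catch (e) {
    return false;
  }
}

// Browser wiring; skipped when no DOM is present (for example under Node).
if (typeof document !== "undefined") {
  const btn = document.getElementById("submitFormButton");
  if (btn) {
    btn.addEventListener("click", async () => {
      const ok = !isFramed(window) || (await ensureStorageAccess(document));
      // When access is denied, relaunch outside the iframe, as the answer suggests.
      if (!ok) window.open(window.location.href, "_blank");
    });
  }
}
```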
I have a web app that allows users to upload photos to an S3 bucket via HTML form. It works exactly as expected on all desktop browsers, which is to do nothing after a successful upload. However in iOS safari and iOS chrome, it redirects to the bucket. If I "Handoff" the page over to safari on my mac it is an xml response of the entire bucket, it appears.
Does anyone know why this would happen and how to fix it? Normally I can find something via google and the forums but I'm finding nothing!
We are not specifying "success action redirect" or "success action status" on our form.
Also, it works as expected in chrome on an android device.
We do not want any sort of redirect to occur; we handle things on the client after clicking the submit/post button.
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<div id ="mainContent">
<form action="https://s3.amazonaws.com/{!awsKeySet.Name}" method="post" enctype="multipart/form-data" id="uploadForm">
<input type="hidden" name="key" id="key" />
<input type="hidden" name="AWSAccessKeyId" value="{!awsKeySet.AWS_AccessKey_Id__c}" />
<input type="hidden" name="policy" value="{!policy}" />
<input type="hidden" name="signature" value="{!signedPolicy}" />
<input type="hidden" name="acl" value="{!acessType}" />
<input type="hidden" name="Content-Type" value="{!Content_Type}" />
<!--input type="hidden" name="success_action_status" value="201" /-->
<!--input type="hidden" name="success_action_redirect" value="{!ForRedirect}" /-->
<h4 class="fileToUpload">Select a File to Upload in AWS</h4><br />
<div class="row">
<input type="file" size="50" name="file" id="file" />
</div>
<div id="fileName"></div>
<div id="fileSize"></div>
<div id="fileType"></div>
<div class="row">
<input type="submit" value="Upload" id="btn_submit" />
</div>
<div id="progressNumber"></div>
</form>
</div>
<script>
$(document).ready(function () {
var _requestBucket;
$("#btn_submit").click(function(event){
//alert(1);
event.preventDefault();
var _file;
_file = $("#file").val().replace(/.+[\\\/]/, "");
console.log('_file '+ _file);
$("#key").val(_file);
$("#uploadForm").submit();
});
});
</script>
Thank you!
I wish someone could have shed more light on this but sadly, this is a bug in iOS webkit browsers. It appears to have been fixed in Android and Desktop. So, if anyone stumbles on this problem, included is the bugzilla link for it
Bugzilla link for Proper handling of HTTP 204
More detail : According to the amazon s3 docs
If the value is set to 200 or 204, Amazon S3 returns an empty document with a
200 or 204 status code.
If the value is set to 201, Amazon S3 returns an XML document with a
201 status code.
If the value is not set or if it is set to an invalid value, Amazon S3
returns an empty document with a 204 status code.
According to HTTP 1.1 -
10.2.5 204 No Content
The server has fulfilled the request but does not need to return an
entity-body, and might want to return updated metainformation. The
response MAY include new or updated metainformation in the form of
entity-headers, which if present SHOULD be associated with the
requested variant.
If the client is a user agent, it SHOULD NOT change its document view
from that which caused the request to be sent. This response is
primarily intended to allow input for actions to take place without
causing a change to the user agent's active document view, although
any new or updated metainformation SHOULD be applied to the document
currently in the user agent's active view.
The 204 response MUST NOT include a message-body, and thus is always
terminated by the first empty line after the header fields.
This is not happening in either WebKit browser for iOS, currently. Sadly, I cannot find a way around this, other than for Apple to fix it!
Based on the Spring Security documentation, I set up a MultipartFilter as follows:
@Order(1)
public class SecurityWebAppInitializer
extends AbstractSecurityWebApplicationInitializer {
// Register MultipartFilter ahead of the Spring Security filter chain
@Override
protected void beforeSpringSecurityFilterChain(ServletContext servletContext) {
insertFilters(servletContext, new MultipartFilter());
}
}
In a file upload form, I can see a CSRF input with a not-null value in a HTML file (see the code below).
<form method="POST" enctype="multipart/form-data" action="/upload">
File to upload: <input type="file" name="file" /><br />
Name: <input type="text" name="name" /><br /> <br />
<input type="submit" value="Upload" />
Press here to upload the file!
<input type="hidden" name="_csrf" value="df94be7d-675d-428c-89e5-2ebf0b473c42" />
</form>
After submitting the form, I get an error as
HTTP Status 403 - Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'.
type Status report
message Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'.
description Access to the specified resource has been forbidden.
What is missing here?
This problem is resolved after changing the Java configuration of the application. The following are those changes.
In the AbstractAnnotationConfigDispatcherServletInitializer class, I add the MultipartFilter in the getServletFilters method and set the MultipartConfig with a MultipartConfigElement in the customizeRegistration(ServletRegistration.Dynamic registration) method. A MultipartConfigElement originally defined in the WebMvcConfigurerAdapter class is removed. And a MultipartResolver defined in the class is unchanged.
The Java configuration was set up based on the original XML configuration of the application. The approach doesn't always work based on this case.
I didn't find the part about this in the documentation, so I will be very happy if someone can help me =)
I have this form on my page to upload multiple pictures, using multiple for my input:
<g:uploadForm controller="photo" action="add" autocomplete="off">
<label for="files">Files to upload:</label>
<input type="file" id="files" name="files" multiple="multiple" />
<input type="hidden" id="MAX_FILE_SIZE" name="MAX_FILE_SIZE" value="300000" />
<g:submitButton name="add" class="save button medium" value="ADD" />
</g:uploadForm>
And now, I don't know how to "separate" files in my controller.
It is OK for one file, using request.getFile(..), but how can I handle the "multiple" property of my field?
Thanks for reading,
Alexandre
You can do this within your controller:
List fileList = request.getFiles('files') // 'files' is the name of the input
fileList.each { file ->
println 'filename: ' + file.getOriginalFilename()
}
request.getFiles(<param>) returns a list of CommonsMultipartFile objects. You can use these objects to get the file names (like in the example) or the file content (file.getInputStream())
You got the answer, but this is just for the record:
request.multiFileMap?.each { name, map ->
//do the logic
}
I want to automatically search a string at http://www.drugbank.ca/ and get the resulting URL (the search field is at the top of the page). The website can't be searched just by manipulating the URL. Is there a server-based way to do this? I want to create my own webpage with an input field and button to "Search DrugBank for X and get the URL".
Thanks.
You need to get the contents of:
http://www.drugbank.ca/search?query=searchstring
You can't do this with JavaScript; the browser does not allow querying sites of different domains (due to: http://en.wikipedia.org/wiki/Same_origin_policy).
I would do it with php and create a file like searchDrugBank.php:
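<?php
// URL-encode the user-supplied term so it cannot add extra query parameters or break the URL
$query = isset($_GET['q']) ? $_GET['q'] : '';
$urlContent = file_get_contents('http://www.drugbank.ca/search?query=' . urlencode($query));
// process $urlContent however you want
?>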
And then you put on your site:
<form method="get" action="searchDrugBank.php">
<input type="text" name="q" />
<input type="submit" value="Search drugbank"/>
</form>
(Since you asked)
To find what URL I was gonna query I went to the site, and looked at the form that was submitted when I pressed search (look at the source, or in it's easy to do "inspect element" on for example the searchbox or searchbutton).
I find that the form is:
<form accept-charset="UTF-8" action="/search" method="get"><div style="margin:0;padding:0;display:inline"><input name="utf8" type="hidden" value="✓"></div>
<strong>Search:</strong>
<input id="query" name="query" placeholder="Search DrugBank" size="30" type="search">
<input name="commit" type="submit" value="Search">
Help / Advanced
</form>
Which means that when you press search, exactly what happens is that you will do a GET request, since method="get", and a GET request means to ask for a URL, and if parameters are required, they should be in the URL (http://en.wikipedia.org/wiki/Query_string#Web_forms).
The URL that will be queried is /search, since action is action="/search"; the rest of the URL will then be built using the provided parameters. Here it's just:
<input id="query" name="query" placeholder="Search DrugBank" size="30" type="search">
And there you can see that name of the parameter that should be provided to do a search, namely "query"!