问题描述
我正在尝试使用S3预先签名的PUT网址执行文档上传.我使用Java AWS开发工具包( GeneratePresignedUrlRequest.java )生成了URL.该网址生成代码位于AWS API网关后面的lambda函数中.
I am trying to perform a document upload using an S3 pre-signed PUT url. I generated the url using java AWS SDK (GeneratePresignedUrlRequest.java). This url generation code sits in a lambda function behind AWS API gateway.
但是,当我在Postman&中复制生成的网址时,出现以下错误尝试执行上传.
However I am getting the following error when I copy the generated url in Postman & try to perform an upload.
<Error>
<Code>AccessDenied</Code>
<Message>
There were headers present in the request which were not signed
</Message>
<HeadersNotSigned>host</HeadersNotSigned>
<RequestId>6E624EC66091A099</RequestId>
<HostId>
9HnUUZpa9zUWfyzuNrZtRkoN2CYxH8V6rqx5QgsMFC6foTZKuG5qmZL5ThnUXooYPk2reFzKKUg=
</HostId>
</Error>
生成的网址是"https://< 存储桶 .s3.amazonaws.com/< 密钥>?X-Amz-Security-Token =< 值 & X-Amz-Algorithm = AWS4-HMAC-SHA256& X-Amz-日期= 20180718T013339Z& X-Amz-SignedHeaders = content-type%253Bhost& X-Amz-Expires = 1799& X-Amz-Credential =< value >&X-Amz-Signature =< 值
The generated url is "https://<bucket>.s3.amazonaws.com/<key>?X-Amz-Security-Token=<value>&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20180718T013339Z&X-Amz-SignedHeaders=content-type%253Bhost&X-Amz-Expires=1799&X-Amz-Credential=<value>&X-Amz-Signature=<value>
关于在生成url时需要在此处进行更正的任何建议?
Any suggestions as to what needs to be corrected here in the generation of url ?
推荐答案
错误确实与缺少标头"有关,但与误导性的"主机"无关.需要在 X-Amz-SignedHeaders = content-type%253Bhost中的主机"之前的值"内容类型"作为请求标头明确提供http客户端使用预签名的url将文件上传到S3.
The error was indeed related to a 'missing header', but not 'host' which was misleading. The value 'content-type' that comes before 'host' in X-Amz-SignedHeaders=content-type%253Bhost , needs to be explicitly provided as a request header when a http client uses the pre-signed url to upload a file to S3.
我在Java中生成的预签名网址为
I had generated the pre-signed url in java as
GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(bucketName,objectKey).withMethod(HttpMethod.PUT).withContentType("application/pdf").withExpiration(expiration);
因此,S3希望值为'application/pdf'的 content-type 作为预先签名的url请求的一部分,作为我所理解的签名匹配的标头
So S3 expects content-type with value 'application/pdf' to be part of the pre-signed url request as a header for a signature match as I understand.
这篇关于S3预设的上载网址错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!