How to upload to S3 bucket via HTML form? ("SignatureDoesNotMatch" error)

0
votes

I am trying to upload images to an AWS S3 bucket via an HTML form.

<form action="https://s3.amazonaws.com/3dphy-media-dev" method="post" enctype="multipart/form-data">
    <input type="hidden" name="AWSAccessKeyId" value="AKIAI5LGVRB427BQRRTA">
    <input type="hidden" name="acl" value="public-read">
    <input type="hidden" name="key" value="${filename}">
    <input type="hidden" name="policy" value='
    {
        "expiration": "2019-01-26T16:14:30Z",
        "conditions": [
            {"bucket": "3dphy-media-dev"},
            {"key": "${filename}"},
            {"acl": "public-read"}
        ]
    }
    '>
    <input type="hidden" name="signature" value="wml%2FZoIYBqyCHDRSSxwxkf5EvzQ%3D">
    <!--<input type="hidden" name="Content-Type" value="image/jpeg">-->

    File to upload to S3:
    <input name="file" type="file">
    <input type="submit" value="Upload File to S3">
</form>

However submitting the form results in an error "SignatureDoesNotMatch" and a message "The request signature we calculated does not match the signature you provided. Check your key and signing method."

I checked some of the existing questions on the same topic, but their answers didn't solve the issue.

What am I doing wrong?

1
amazon-s3
Have you read the s3 documentation? You need to sign the upload.Shaun
I included the "signature" field. <input type="hidden" name="signature" value="wml%2FZoIYBqyCHDRSSxwxkf5EvzQ%3D">Debojyoti Ghosh
aws.amazon.com/articles/1434Shaun
I used this tool to calculate the signature - dancartoon.com/projects/s3-siggenerator Is there any similar tool for encoding policy?Debojyoti Ghosh
Is the policy document of the bucket different from the policy document that is to be sent via the form?Debojyoti Ghosh

1 Answers

1
votes

mc tool at https://github.com/minio/mc can be used easily for this purpose as a general purpose tool to generate this. 

$ mc share upload --recursive --expire=12h https://s3.amazonaws.com/backup/2007-Mar-2/backup

$ mc share list upload
URL: https://s3.amazonaws.com/backup/2007-Mar-2/backup
Expire: 11 hours 19 minutes 18 seconds
Share: curl https://s3.amazonaws.com/backup -F x-amz-date=20151125T052221Z -F x-amz-signature=7b13a6db1af025c2b3f1e92cd7c10100b3756c98982def74692722305419a806 -F bucket=backup -F policy=eyJleHBpcmF0aW9uIjoiMjAxNS0xMi0wMlQwNToyMjoyMS45NjJaIiwiY29uZGl0aW9ucyI6W1siZXEiLCIkYnVja2V0IiwiYmFja3VwIl0sWyJzdGFydHMtd2l0aCIsIiRrZXkiLCIyMDA3LU1hci0yL2JhY2t1cCJdLFsiZXEiLCIkeC1hbXotZGF0ZSIsIjIwMTUxMTI1VDA1MjIyMVoiXSxbImVxIiwiJHgtYW16LWFsZ29yaXRobSIsIkFXUzQtSE1BQy1TSEEyNTYiXSxbImVxIiwiJHgtYW16LWNyZWRlbnRpYWwiLCJBS0lBSTZTTk1VRk9WSUVGT1pKQS8yMDE1MTEyNS91cy1lYXN0LTEvczMvYXdzNF9yZXF1ZXN0Il1dfQ== -F x-amz-algorithm=AWS4-HMAC-SHA256 -F x-amz-credential=AKIAI6SNMUFOVIEFOZJA/20151125/us-east-1/s3/aws4_request -F key=2007-Mar-2/backup<NAME> -F file=@<FILE>

Alternatively with json output

$ mc share list upload --json    
{"status":"success","url":"https://s3.amazonaws.com/backup/2007-Mar-2/backup/","share":"curl https://s3.amazonaws.com/backup -F policy=eyJleHBpcmF0aW9uIjoiMjAxNS0xMi0wMlQwNToxNTozNC45MjlaIiwiY29uZGl0aW9ucyI6W1siZXEiLCIkYnVja2V0IiwiYmFja3VwIl0sWyJlcSIsIiRrZXkiLCIyMDA3LU1hci0yL2JhY2t1cC8iXSxbImVxIiwiJHgtYW16LWRhdGUiLCIyMDE1MTEyNVQwNTE1MzRaIl0sWyJlcSIsIiR4LWFtei1hbGdvcml0aG0iLCJBV1M0LUhNQUMtU0hBMjU2Il0sWyJlcSIsIiR4LWFtei1jcmVkZW50aWFsIiwiQUtJQUk2U05NVUZPVklFRk9aSkEvMjAxNTExMjUvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJdXX0= -F x-amz-algorithm=AWS4-HMAC-SHA256 -F x-amz-credential=AKIAI6SNMUFOVIEFOZJA/20151125/us-east-1/s3/aws4_request -F x-amz-date=20151125T051534Z -F x-amz-signature=3523fed9cc9ffed7873411c1401d3fc2926055a88704e2d20dd49b8734a25469 -F bucket=backup -F key=2007-Mar-2/backup/ -F file=@<FILE>","timeLeft":40240153132134}

Additionally we also have https://github.com/minio/minio-js which works in browser which can be directly plugged in your HTML form.