Question

CORS issue with presigned URL once I add ACL: 'PublicRead'

Hello,

So I’m trying to upload to Spaces using the AWS s3 presigned URL SDK, but I’m getting a CORS error whenever I set the ACL to public read.

// generates URL without "x-amz-acl=public-read"
// does not throw CORS error, but uploads a private file that blocks public access

const s3Params = {
    Bucket: process.env.UploadBucket,
    Key,
    Expires: URL_EXPIRATION_SECONDS,
    ContentType: decodeURIComponent(mimeType)
  }
  const uploadURL = await s3.getSignedUrlPromise('putObject', s3Params)


// generates URL with "x-amz-acl=public-read" query string parameter
// throws CORS error when I try to PUT an object there

const s3Params = {
    Bucket: process.env.UploadBucket,
    Key,
    Expires: URL_EXPIRATION_SECONDS,
    ContentType: decodeURIComponent(mimeType),
    ACL: 'public-read'
  }
  const uploadURL = await s3.getSignedUrlPromise('putObject', s3Params)

In my spaces config, I have Allowed Headers set to “*”, so I’m not sure what is causing the CORS error. Any ideas?


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer