Question

CORS issue with presigned URL once I add ACL: 'PublicRead'

Hello,

So I’m trying to upload to Spaces using the AWS s3 presigned URL SDK, but I’m getting a CORS error whenever I set the ACL to public read.

// generates URL without "x-amz-acl=public-read"
// does not throw CORS error, but uploads a private file that blocks public access

const s3Params = {
    Bucket: process.env.UploadBucket,
    Key,
    Expires: URL_EXPIRATION_SECONDS,
    ContentType: decodeURIComponent(mimeType)
  }
  const uploadURL = await s3.getSignedUrlPromise('putObject', s3Params)


// generates URL with "x-amz-acl=public-read" query string parameter
// throws CORS error when I try to PUT an object there

const s3Params = {
    Bucket: process.env.UploadBucket,
    Key,
    Expires: URL_EXPIRATION_SECONDS,
    ContentType: decodeURIComponent(mimeType),
    ACL: 'public-read'
  }
  const uploadURL = await s3.getSignedUrlPromise('putObject', s3Params)

In my spaces config, I have Allowed Headers set to “*”, so I’m not sure what is causing the CORS error. Any ideas?

Submit an answer
Answer a question...

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer