0

I've created a bucket where policy makes it mandatory to specify the content-type of the object being uploaded. If I specify the content-type after file element, (example below) 

<form action="..">
...
<input type='file' name='file' />
<input name='content-type' value='image/jpeg' />
<input type='submit' />
</form>

it returns following error

<Error>
    <Code>AccessDenied</Code>
    <Message>Invalid according to Policy: Policy Condition failed: ["starts-with", "$Content-Type", ""]</Message>
    <RequestId>15063EB427B4A469</RequestId>
    <HostId>yEzAPF4Z2inaafhcqyQ4ooLVKdwnsrwqQhnYg6jm5hPQWSOLtPTuk0t9hn+zkBEbk+rP4S5Nfvs=</HostId>
</Error>

If I specify content-type before file element, upload works as expected. I encountered this behaviour for the first time. I have a few questions regarding it.

  1. Is it part of some specification where clients and all intermediate proxies are supposed to maintain order of http post params? Please point me to it.

  2. Why would you make your API be aware of such ordering? In this particular case I can guess that the file can be huge and unless you are seeing all expected params before, you should immediately return failure. Please correct me if my understanding is not correct.

aamir
  • 3,753
  • 4
  • 23
  • 34

1 Answers1

1

It is part of the spec that the parts are sent as ordered in the form. There is no reason to believe that reordering by an intermediate proxy would be allowed.

The form data and boundaries (excluding the contents of the file) cannot exceed 20K.

...

The file or content must be the last field in the form.

http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTForms.html#sigv4-HTTPPOSTFormFields

The logical assumption is that this design allows S3 to reject invalid uploads early.

Community
  • 1
  • 1
Michael - sqlbot
  • 169,571
  • 25
  • 353
  • 427