
PUT requests made to signed S3 URLs provided by Node server return 400 error: "The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256."

I assume my credentials are being sent correctly because the signed URL is being returned to the server. Also, the bucket's CORS policy is configured to allow requests from any origin.

Server code:

```javascript
router.post('/avatar', (req, res) => {
  var s3 = new aws.S3();

  var params = {
    Bucket: 'knows',
    Key: req.body.fileName + '-' + Date.now(),
    Expires: 120,
    ContentType: req.body.fileType,
    ACL: 'public-read'
  };

  s3.getSignedUrl('putObject', params, function(err, data) {
    if (err) {
      res.json({err: err})
    } else {
      console.log(data)
      res.json({signedUrl: data})
    }
  })
})
```

Client code (React):

```javascript
handleSubmit(event){
  event.preventDefault();
  var fileObject = {
    fileName: this.state.file.name,
    fileType: this.state.file.type
  }
  axios.post('/user/avatar', fileObject).then(response => {
    axios.put(response.data.signedUrl, this.state.file).then(result => {
      console.log(result)
    }).catch(err => {
      console.log(err)
      alert('Upload failed :(')
    })
  }).catch(err => {
    alert('Upload failed :(')
  })
}
```

Could it have something to do with setting a custom Key on the server?

  • [See this answer](https://stackoverflow.com/questions/26533245/the-authorization-mechanism-you-have-provided-is-not-supported-please-use-aws4). – Matt Clark Jun 07 '18 at 23:36
  • @AlexanderMiller, your assumption is premised on your belief that *"signed URL is being returned to the server"* but this is not how signed URLs work. Signed URLs use a one-way hashing algorithm (HMAC) to create a signature that proves your credentials were used to authorize the request. They are generated locally, in your code, with no interaction with the service. The service is unaware of signed URLs until they are actually used. Completely invalid credentials can generate signed URLs -- they just won't work. But your issue is different. Your credentials are not being checked. – Michael - sqlbot Jun 08 '18 at 01:41
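
The point made in the comment above, that a signed URL is computed locally with HMAC and no call to S3, shown as an added example (not code from the question or from the AWS SDK). It builds an AWS4-HMAC-SHA256 presigned PUT URL with Node's `crypto` alone, signing only the `host` header, and adds a hypothetical helper `signatureVersionOf` that reads the signing scheme off a URL's query parameters; the bucket, region and credentials are constructed and deliberately invalid.

```javascript
const nodeCrypto = require('crypto');

const hmac = (key, data) => nodeCrypto.createHmac('sha256', key).update(data).digest();
const sha256Hex = (data) => nodeCrypto.createHash('sha256').update(data).digest('hex');
// SigV4 wants RFC 3986 encoding; encodeURIComponent leaves !'()* unescaped.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// Build a SigV4 presigned URL offline. Only the host header is signed here.
function presignV4({ method, bucket, key, region, accessKeyId, secretAccessKey, expires, now }) {
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ''); // e.g. 20180607T233600Z
  const day = amzDate.slice(0, 8);
  const scope = `${day}/${region}/s3/aws4_request`;
  const host = `${bucket}.s3.${region}.amazonaws.com`;
  const path = '/' + key.split('/').map(enc).join('/');
  const query = [ // keys are already in the sorted order SigV4 requires
    ['X-Amz-Algorithm', 'AWS4-HMAC-SHA256'],
    ['X-Amz-Credential', `${accessKeyId}/${scope}`],
    ['X-Amz-Date', amzDate],
    ['X-Amz-Expires', String(expires)],
    ['X-Amz-SignedHeaders', 'host'],
  ].map(([k, v]) => `${enc(k)}=${enc(v)}`).join('&');
  const canonicalRequest =
    [method, path, query, `host:${host}`, '', 'host', 'UNSIGNED-PAYLOAD'].join('\n');
  const stringToSign =
    ['AWS4-HMAC-SHA256', amzDate, scope, sha256Hex(canonicalRequest)].join('\n');
  // Key derivation chain: "AWS4"+secret -> date -> region -> service -> "aws4_request".
  const signingKey = [day, region, 's3', 'aws4_request']
    .reduce((k, part) => hmac(k, part), 'AWS4' + secretAccessKey);
  const signature = hmac(signingKey, stringToSign).toString('hex');
  return `https://${host}${path}?${query}&X-Amz-Signature=${signature}`;
}

// Classify a presigned URL by its query parameters, without contacting S3.
function signatureVersionOf(url) {
  const q = new URL(url).searchParams;
  if (q.get('X-Amz-Algorithm') === 'AWS4-HMAC-SHA256') return 'v4';
  if (q.has('AWSAccessKeyId') && q.has('Signature')) return 'v2';
  return 'unsigned';
}

// Constructed inputs: the bucket, region and both credentials are made up.
const demoUrl = presignV4({
  method: 'PUT', bucket: 'example-bucket', key: 'avatars/me.png', region: 'eu-central-1',
  accessKeyId: 'AKIDEXAMPLE', secretAccessKey: 'not-a-real-secret',
  expires: 120, now: new Date(Date.UTC(2018, 5, 7, 23, 36, 0)),
});
console.log(signatureVersionOf(demoUrl), demoUrl);
```

Running `signatureVersionOf` on the URL the server logs shows whether the SDK produced a Signature Version 2 URL (`AWSAccessKeyId`, `Expires`, `Signature`) or a Version 4 one (`X-Amz-Algorithm=AWS4-HMAC-SHA256`), which is the scheme named in the 400 response.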

0 Answers