4

Our app recently switched to direct uploads to S3 via Rails Active Storage (introduced in Rails 5.2) For the most part, it's working alright, but we're noticing that an error gets thrown around 2% of the time.

We've seen the following so far:

Status 0 (predominantly with Safari/ Mobile Safari): Error storing "File_1.jpeg". Status: 0

Status 403: Error storing "File_1.jpeg". Status: 403

Error reading: Error reading "File_1.jpeg".

I imagine the last error relates to the file itself being invalid or corrupt. However, we're unsure what could be resulting in the first two errors. Searching around, I notice posts mentioning CORS settings being incorrect. However, we've made some configuration changes before on S3, and I would also think that if it was a CORS issue, we'd see failure a lot more frequently. This is what our CORS setting is:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
<CORSRule>
    <AllowedOrigin>https://app.ourapp.com</AllowedOrigin>
    <AllowedMethod>PUT</AllowedMethod>
    <MaxAgeSeconds>3600</MaxAgeSeconds>
    <AllowedHeader>Origin</AllowedHeader>
    <AllowedHeader>Content-Type</AllowedHeader>
    <AllowedHeader>Content-MD5</AllowedHeader>
    <AllowedHeader>Content-Disposition</AllowedHeader>
</CORSRule>
</CORSConfiguration>

We noticed in one multi-upload, that a user was able to upload 12 files successfully to active storage, but 1 error-ed out with status 0. The file itself wasn't corrupt or anything.

Any clue what could be causing direct upload flakiness sometimes?

Kate
  • 89
  • 1
  • 4

4 Answers4

0

The following worked for me:

[
    {
        "AllowedHeaders": [
            "Authorization"
        ],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "https://example.com"
        ],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 3000
    },
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT"
        ],
        "AllowedOrigins": [
            "https://example.com"
        ],
        "ExposeHeaders": []
    }
]

Got it from here.

SecondJaBox
  • 76
  • 7
0

Error storing "File_1.jpeg". Status: 0

I have seen this error occur for our users when there is a Data Loss Prevention (DLP) tool in place, which prevents sensitive files from leaving their network. If possible, have the user's IT team check their configuration to allow uploading such files.

Josh
  • 91
  • 5
0

I had this error message due to CORS. I was quite sure it wasn't CORS, but it was, so please double check.

How to check if it's CORS

This CORS policy will configure your S3 bucket to be completely open (do not leave it like that, and do not do that on a bucket with production data, perhaps create another bucket to test with). Use this bucket with open CORS policy to see if the status:0 error goes away, for me, it did! That let me confirm this was a CORS problem.

Here's CORS to allow everything. Do not leave that in place after you've tested:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT",
            "POST",
            "GET",
            "DELETE",
            "HEAD"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": []
    }
]

A more refined CORS policy

Here's a more refined CORS policy that works nicely. Replace with your domain and adjust methods (PUT, POST, etc) to just the ones you need:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT",
            "POST",
            "DELETE",
            "GET"
        ],
        "AllowedOrigins": [
            "https://www.example.com"
        ],
        "ExposeHeaders": [
            "Origin",
            "Content-Type",
            "Content-MD5",
            "Content-Disposition"
        ]
    }
]

Small note: at first I used "https://www.example.com/" and I still got errors (had to remove the last / before it worked).

One other thing

If you're experiencing this after adding direct_uploads: true and you fixed the CORS but still get an error, inspect that error carefully. When you change to direct_upload: true, the param is no longer a file attachment, but a reference to it (a string), so you may have a to do a little refactoring in the controller to account for that, but that should be a much easier problem to solve.

stevec
  • 41,291
  • 27
  • 223
  • 311
  • this explanation removes direct uploads. don't think that's a very good answer because the point is to be using direct uploads. – Jason FB Mar 10 '23 at 16:27
  • @JasonFB thanks for letting me know, I’ll look more deeply at this and report back – stevec Mar 10 '23 at 22:42
  • @JasonFB I spent some time investigating this, and learned a lot, and you're absolutely right. This was a CORS issue all along, even though I was sure it wasn't. Thanks very much for your insightful comment which prompted me to look into it. – stevec Mar 14 '23 at 06:45
0

I saw this (consistently, not intermittently, unlike the OP question) on an app I was setting up.

I have observed Error storing "xxxx". Status: 0 when either of these are true:

• not configuring the 'bucket' setting in my config/storage.yml file.

• when the CORS is not configured for the correct host

I have observed Error storing "xxxx". Status: 400 when:

• I had configured the wrong region (but correct bucket name) for AWS

Jason FB
  • 4,752
  • 3
  • 38
  • 69