0

我在使用 POST 执行直接上传到 S3 时遇到问题(使用 csrf)。

这是代码:

<form action="https://mymediaurl/" method="post" enctype="multipart/form-data">
    <input type="hidden" name="key" value="uploads/${filename}">
    <input type="hidden" name="AWSAccessKeyId" value="{{ access_key }}">
    <input type="hidden" name="acl" value="private">
    <input type="hidden" name="success_action_redirect" value="http://localhost/">
    <input type="hidden" name="policy" value="{{ policy }}">
    <input type="hidden" name="signature" value="{{ signature }}">
    <input type="hidden" name="Content-Type" value="image/jpeg">
    <!-- Include any additional input fields here -->

    File to upload to S3:
    <input name="file" type="file">
    <br>
    <input type="submit" value="Upload File to S3">
</form>

这是错误:

<Code>AccessDenied</Code>
<Message>
    Invalid according to Policy: Extra input fields: csrfmiddlewaretoken
</Message>

包含 csfr 的源代码:

<form action="https://mymediaurl/" method="post" enctype="multipart/form-data">
    <div style='display:none;'><input type='hidden' id='csrfmiddlewaretoken' name='csrfmiddlewaretoken' value='123412341234' /></div>
    <div style='display:none;'><input type='hidden' id='csrfmiddlewaretoken' name='csrfmiddlewaretoken' value='123412341234' /></div>
    <input type="hidden" name="key" value="uploads/${filename}">
    <input type="hidden" name="AWSAccessKeyId" value="ASFDFDSF">
    <input type="hidden" name="acl" value="private">
    <input type="hidden" name="success_action_redirect" value="http://localhost/">
    <input type="hidden" name="policy" value="asdhfkajewhlfawe">
    <input type="hidden" name="signature" value="asdfasdfasdf">
    <input type="hidden" name="Content-Type" value="image/jpeg">
    <!-- Include any additional input fields here -->

    File to upload to S3:
    <input name="file" type="file">
    <br>
    <input type="submit" value="Upload File to S3">
</form>

我尝试将 csrfmiddlewaretoken 添加到我的策略文档中,但这不起作用。有没有人遇到过这个问题并找到了解决方案?我搜索了高低,但似乎无法找到这个特定问题的答案。

如果重要的话,为这个项目运行 Django 1.3.1..

4

1 回答 1

0

在克里斯托弗的评论的帮助下回答我自己的问题。

这是我的政策文件:

{"expiration": "2014-01-01T00:00:00Z",
"conditions": [
    {"bucket": "media.somehost.com"},
    ["starts-with", "$key", "uploads/"],
    ["starts-with", "$csrfmiddlewaretoken", ""],
    {"acl": "private"},
    {"success_action_redirect": "http://localhost/"},
    ["starts-with", "$Content-Type", ""],
    ["content-length-range", 0, 1048576]
]

我只需要以csrfmiddlewaretoken正确的格式将其添加到我的策略中。

于 2012-09-04T14:16:45.170 回答