2

我将 HTML POST 直接发送到适用于存储桶 A 的 S3 存储桶。如果我保持所有代码完全相同,但替换并签署存储桶 B 的策略,Amazon 将返回 InvalidPolicyDocument 错误。在接受发布的对象之前,是否需要启用或设置存储桶?

提前致谢!本

附言。我在策略和上传 URL 中都更改了存储桶名称。

pps。根据要求,我在 Fiddler 中跟踪了这两个请求。以下是请求和响应:

好的要求:

要求:

------------ae0KM7cH2cH2cH2Ij5Ef1cH2Ef1ae0
Content-Disposition: form-data; name="Filename"

Blue hills.jpg
------------ae0KM7cH2cH2cH2Ij5Ef1cH2Ef1ae0
Content-Disposition: form-data; name="key"

uploads/${filename}
------------ae0KM7cH2cH2cH2Ij5Ef1cH2Ef1ae0
Content-Disposition: form-data; name="signature"

STJNaC3bFVXD9VSUPhId41yw5+w=
------------ae0KM7cH2cH2cH2Ij5Ef1cH2Ef1ae0
Content-Disposition: form-data; name="AWSAccessKeyId"

0WDZ435HNTSCJ306SXR2
------------ae0KM7cH2cH2cH2Ij5Ef1cH2Ef1ae0
Content-Disposition: form-data; name="acl"

private
------------ae0KM7cH2cH2cH2Ij5Ef1cH2Ef1ae0
Content-Disposition: form-data; name="success_action_status"

201
------------ae0KM7cH2cH2cH2Ij5Ef1cH2Ef1ae0
Content-Disposition: form-data; name="policy"

eydjb25kaXRpb25zJzogW3snYnVja2V0JzogJzB3ZHo0MzVobnRzY2ozMDZzeHIyLXRlc3QtYnVja2V0J30sIFsnc3RhcnRzLXdpdGgnLCAnJGtleScsICd1cGxvYWRzLyddLCBbJ3N0YXJ0cy13aXRoJywgJyRGaWxlbmFtZScsICcnXSwgeydhY2wnOiAncHJpdmF0ZSd9LCB7J3N1Y2Nlc3NfYWN0aW9uX3N0YXR1cyc6ICcyMDEnfV0sICdleHBpcmF0aW9uJzogJzIwMDktMDYtMTBUMTg6MTc6NTlaJ30=
------------ae0KM7cH2cH2cH2Ij5Ef1cH2Ef1ae0
Content-Disposition: form-data; name="file"; filename="Blue hills.jpg"
Content-Type: application/octet-stream

回复:

<?xml version="1.0" encoding="UTF-8"?>
<PostResponse><Location>http://0wdz435hntscj306sxr2-test-bucket.s3.amazonaws.com/uploads%2FBlue+hills.jpg</Location><Bucket>0wdz435hntscj306sxr2-test-bucket</Bucket><Key>uploads/Blue hills.jpg</Key><ETag>"6fb2a38dc107eacb41cf1656e899cf70"</ETag></PostResponse>

错误的请求:

要求:

------------Ij5cH2cH2gL6gL6gL6Ij5Ij5GI3cH2
Content-Disposition: form-data; name="Filename"

Water lilies.jpg
------------Ij5cH2cH2gL6gL6gL6Ij5Ij5GI3cH2
Content-Disposition: form-data; name="policy"

eydjb25kaXRpb25zJzogW3snYnVja2V0JzogdScwd2R6NDM1aG50c2NqMzA2c3hyMi1tNGxiZXRhJ30sIFsnc3RhcnRzLXdpdGgnLCAnJGtleScsICd1cGxvYWRzLyddLCBbJ3N0YXJ0cy13aXRoJywgJyRGaWxlbmFtZScsICcnXSwgeydhY2wnOiAncHJpdmF0ZSd9LCB7J3N1Y2Nlc3NfYWN0aW9uX3N0YXR1cyc6ICcyMDEnfSwgeydDb250ZW50LVR5cGUnOiAnYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtJ31dLCAnZXhwaXJhdGlvbic6ICcyMDA5LTA2LTEwVDE4OjA5OjE0Wid9
------------Ij5cH2cH2gL6gL6gL6Ij5Ij5GI3cH2
Content-Disposition: form-data; name="key"

uploads/${filename}
------------Ij5cH2cH2gL6gL6gL6Ij5Ij5GI3cH2
Content-Disposition: form-data; name="signature"

u+pOKfpLrFaRhiP3lfTPbCyWl3I=
------------Ij5cH2cH2gL6gL6gL6Ij5Ij5GI3cH2
Content-Disposition: form-data; name="AWSAccessKeyId"

0WDZ435HNTSCJ306SXR2
------------Ij5cH2cH2gL6gL6gL6Ij5Ij5GI3cH2
Content-Disposition: form-data; name="acl"

private
------------Ij5cH2cH2gL6gL6gL6Ij5Ij5GI3cH2
Content-Disposition: form-data; name="success_action_status"

201
------------Ij5cH2cH2gL6gL6gL6Ij5Ij5GI3cH2
Content-Disposition: form-data; name="Content-Type"

application/octet-stream
------------Ij5cH2cH2gL6gL6gL6Ij5Ij5GI3cH2
Content-Disposition: form-data; name="file"; filename="Water lilies.jpg"
Content-Type: application/octet-stream

回复:

100
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidPolicyDocument</Code><Message>Invalid Policy: Invalid JSON.</Message><RequestId>2D883FC8947547AC</RequestId><HostId>G1r2SCbd87UmmlOU0hSY3/VTGGXBEmXdLXoxaGt4GJjpELBVHXtjn6PSAPhufLAC</HostId></Error>
0
4

2 回答 2

3

确保在操作 URL 和策略文档中更改存储桶名称。

更新

以下是这两种策略的 Base64 解码版本:

好的

{
  'conditions': [
    {
      'bucket': '0wdz435hntscj306sxr2-test-bucket'
    },
    ['starts-with', '$key', 'uploads/'],
    ['starts-with', '$Filename', ''],
    {
      'acl': 'private'
    },
    {
      'success_action_status': '201'
    }
  ],
  'expiration': '2009-06-10T18:17:59Z'
}

坏的

{
  'conditions': [
    {
      'bucket': u'0wdz435hntscj306sxr2-m4lbeta'
    },
    ['starts-with', '$key', 'uploads/'],
    ['starts-with', '$Filename', ''],
    {
      'acl': 'private'
    },
    {
      'success_action_status': '201'
    },
    {
      'Content-Type': 'application/octet-stream'
    }
  ],
  'expiration': '2009-06-10T18:09:14Z'
}

不知何故,一个额外的“你”被困在了坏政策的桶线上

于 2009-06-09T21:23:47.143 回答
0

如果您使用“100% 兼容”服务之一而不是原始 S3,请检查策略中的键顺序,expiration必须是第一个(如docs中所示)。

于 2018-05-01T07:13:10.780 回答