如何通过POST绕过CRFSMIDDLEWARE错误到Amazon S3?

时间:2012-08-31 18:01:51

标签: django upload amazon-s3 amazon-web-services csrf

我遇到问题(使用csrf)使用POST执行直接上传到S3。

以下是代码:

<form action="https://mymediaurl/" method="post" enctype="multipart/form-data">
    <input type="hidden" name="key" value="uploads/${filename}">
    <input type="hidden" name="AWSAccessKeyId" value="{{ access_key }}">
    <input type="hidden" name="acl" value="private">
    <input type="hidden" name="success_action_redirect" value="http://localhost/">
    <input type="hidden" name="policy" value="{{ policy }}">
    <input type="hidden" name="signature" value="{{ signature }}">
    <input type="hidden" name="Content-Type" value="image/jpeg">
    <!-- Include any additional input fields here -->

    File to upload to S3:
    <input name="file" type="file">
    <br>
    <input type="submit" value="Upload File to S3">
</form>

这是错误:

<Code>AccessDenied</Code>
<Message>
    Invalid according to Policy: Extra input fields: csrfmiddlewaretoken
</Message>

包含csfr的源代码:

<form action="https://mymediaurl/" method="post" enctype="multipart/form-data">
    <div style='display:none;'><input type='hidden' id='csrfmiddlewaretoken' name='csrfmiddlewaretoken' value='123412341234' /></div>
    <div style='display:none;'><input type='hidden' id='csrfmiddlewaretoken' name='csrfmiddlewaretoken' value='123412341234' /></div>
    <input type="hidden" name="key" value="uploads/${filename}">
    <input type="hidden" name="AWSAccessKeyId" value="ASFDFDSF">
    <input type="hidden" name="acl" value="private">
    <input type="hidden" name="success_action_redirect" value="http://localhost/">
    <input type="hidden" name="policy" value="asdhfkajewhlfawe">
    <input type="hidden" name="signature" value="asdfasdfasdf">
    <input type="hidden" name="Content-Type" value="image/jpeg">
    <!-- Include any additional input fields here -->

    File to upload to S3:
    <input name="file" type="file">
    <br>
    <input type="submit" value="Upload File to S3">
</form>

我尝试将csrfmiddlewaretoken添加到我的策略文档中,但这不起作用。有没有人遇到这个问题并找到了解决方案?我搜索过高低,但似乎无法找到这个特定问题的答案。

如果重要的话,为这个项目运行Django 1.3.1 ..

1 个答案:

答案 0 :(得分:0)

在克里斯托弗的评论的帮助下回答我自己的问题。

这是我的政策文件:

{"expiration": "2014-01-01T00:00:00Z",
"conditions": [
    {"bucket": "media.somehost.com"},
    ["starts-with", "$key", "uploads/"],
    ["starts-with", "$csrfmiddlewaretoken", ""],
    {"acl": "private"},
    {"success_action_redirect": "http://localhost/"},
    ["starts-with", "$Content-Type", ""],
    ["content-length-range", 0, 1048576]
]

我只需要使用正确的格式将csrfmiddlewaretoken添加到我的政策中。

相关问题
最新问题