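Invalid policy document or request headers

Time: 2016-03-28 21:30:39

Tags: fine-uploader

I have been struggling to see some light with Fine Uploader and am getting "Invalid policy document or request headers!"

My JavaScript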

var s3Uploader = new qq.s3.FineUploader({
    debug: true,
    element: document.getElementById('fine-uploader-s3'),
    template: 'qq-template-s3',
    request: {
        endpoint: "http://xx_mybucket_xx.s3.amazonaws.com",
        accessKey: "xx_my_access_public_key_xx"
    },
    signature: {
        endpoint: "http://localhost/app/ci/php-s3-server/endpoint-cors.php"
    },
    uploadSuccess: {
        endpoint: "http://localhost/app/ci/php-s3-server/endpoint-cors.php?success",
        params: {
            isBrowserPreviewCapable: qq.supportedFeatures.imagePreviews
        }
    }
});

In my endpoint-cors.php

$clientPrivateKey = 'xx_my_access_secret_key_xx';
..
$serverPublicKey = 'xx_my_aws_admin_public_key_xx';
$serverPrivateKey = 'xx_my_aws_admin_private_key_xx';
...
$expectedBucketName = 'xx_mybucket_xx';
$expectedHostName = 'http://s3.amazonaws.com'; 

function handleCorsRequest() {  
    header('Access-Control-Allow-Origin: http://localhost');
}

AWS policy for the user with the keys xx_my_access_public_key_xx / xx_my_access_secret_key_xx
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::xx_mybucket_xx/*"
        }
    ]
}

AWS CORS

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>POST</AllowedMethod>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedMethod>DELETE</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <ExposeHeader>ETag</ExposeHeader>
        <AllowedHeader>*</AllowedHeader>
        <AllowedHeader>x-amz-acl</AllowedHeader>
        <AllowedHeader>x-amz-meta-qqfilename</AllowedHeader>
        <AllowedHeader>x-amz-date</AllowedHeader>
        <AllowedHeader>authorization</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

Request headers

Request URL:http://localhost/app/ci/php-s3-server/endpoint-cors.php
Request Method:POST
Status Code:200 OK
Remote Address:[::1]:80
Response Headers
Access-Control-Allow-Origin:http://localhost
Connection:Keep-Alive
Content-Length:16
Content-Type:application/json
Date:Mon, 28 Mar 2016 21:10:38 GMT
Keep-Alive:timeout=5, max=98
Server:Apache/2.4.18 (Win32) OpenSSL/1.0.2e PHP/7.0.1
X-Powered-By:PHP/7.0.1
Request Headers
Accept:application/json
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:295
Content-Type:application/json; charset=UTF-8
Cookie:wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_f20b39b0cd3496e33513d2bacf01cb08=testuser%7C1459195033%7CKXV9QrEMyDcLAYJlaGTgICQ74f8iTwm5yUxGjR0SvO0%7C96cdcd43f9a8bb882ca9603a76e08da613398daa202a5b5a1674b5f28ef899a9; PHPSESSID=5bhdaq99o6pa0cagp6d0rsq9s2; _ga=GA1.1.446199661.1458860695
Host:localhost
Origin:http://localhost
Referer:http://localhost/app/ci/s3.fine-uploader/templates/s3test.html
User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
Request Payload
{expiration: "2016-03-28T21:15:38.137Z",…}
conditions: [{acl: "private"}, {bucket: "xx_mybucket_xx"}, {Content-Type: "image/png"},…]
expiration: "2016-03-28T21:15:38.137Z"

Response

{"invalid":true}

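1 answer:

Answer 0: (score: 0)

The response from your server indicates that the server is rejecting the signature request. If you are using the example PHP S3 signature server code provided in the Fine Uploader GitHub repo, the request will be rejected for one or more of the following reasons:

  • The bucket associated with the request does not match the value you set for the $expectedBucketName variable in the PHP file. This can happen if the bucket name you supplied is incorrect. Check to make sure the bucket name you provided is accurate.

  • The file size is larger than the value you specified for $expectedMaxSize. If you do not want to validate the size, set this value to null; if you want to restrict files to a specific size, set it to a specific number of bytes.

Also, there does not appear to be any reason for you to use endpoint-cors.php. Based on the JS you posted, all requests to your signature server are same-origin. You should be using endpoint.php.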
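The bucket and size checks described in the answer matter because a signature endpoint that signs whatever policy the browser sends lets any caller mint upload credentials for other buckets or unbounded sizes. The following Node.js sketch is an added example, not part of the original answer and not the Fine Uploader repo's PHP code; it assumes version 2 signatures (HMAC-SHA1 over the base64 policy), and the function names, the 5 MiB limit and the sample policy are constructed for illustration.

```javascript
const nodeCrypto = require("crypto");

// Placeholders taken from the question; the size limit is an assumed value.
const EXPECTED_BUCKET = "xx_mybucket_xx";
const EXPECTED_MAX_SIZE = 5 * 1024 * 1024; // null disables the size check
const CLIENT_SECRET_KEY = "xx_my_access_secret_key_xx";

// Collect every bucket and content-length-range upper bound in the policy.
function inspectPolicy(policy) {
  const buckets = [];
  const maxSizes = [];
  const conditions = policy && Array.isArray(policy.conditions) ? policy.conditions : [];
  for (const cond of conditions) {
    if (Array.isArray(cond) && cond[0] === "content-length-range") {
      maxSizes.push(Number(cond[2]));
    } else if (cond && typeof cond === "object" && "bucket" in cond) {
      buckets.push(cond.bucket);
    }
  }
  return { buckets, maxSizes };
}

// Fail closed: a missing or mismatched condition means nothing gets signed.
function isPolicyValid(policy, expectedBucket, expectedMaxSize) {
  const { buckets, maxSizes } = inspectPolicy(policy);
  const bucketOk = buckets.length > 0 && buckets.every((b) => b === expectedBucket);
  if (!bucketOk || expectedMaxSize === null) return bucketOk;
  return maxSizes.length > 0 &&
    maxSizes.every((m) => Number.isFinite(m) && m <= expectedMaxSize);
}

// Returns {invalid: true} on rejection, else the base64 policy and its signature.
function signPolicy(policy, expectedMaxSize = EXPECTED_MAX_SIZE) {
  if (!isPolicyValid(policy, EXPECTED_BUCKET, expectedMaxSize)) return { invalid: true };
  const encoded = Buffer.from(JSON.stringify(policy)).toString("base64");
  const signature = nodeCrypto.createHmac("sha1", CLIENT_SECRET_KEY)
    .update(encoded).digest("base64");
  return { policy: encoded, signature };
}

// Constructed policy shaped like the request payload in the question.
const samplePolicy = {
  expiration: "2016-03-28T21:15:38.137Z",
  conditions: [{ acl: "private" }, { bucket: "xx_mybucket_xx" },
    { "Content-Type": "image/png" }, ["content-length-range", "0", "1048576"]],
};
console.log(signPolicy(samplePolicy));
console.log(signPolicy({ ...samplePolicy, conditions: [{ bucket: "other-bucket" }] }));
```

In this example a non-null size limit also rejects a policy that carries no content-length-range condition, so the limit has to be null when the client does not send one.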