Can anyone make this work with SignedURLs? #824

Closed
developdeez opened this issue Apr 22, 2021 · 4 comments

@developdeez

Trying to make this work with AWS Signed URLs. It causes a Canvas error. When I switch to use these settings:
checkCrossOrigin={false} //Fixes save issue
checkOrientation={false}
crossOrigin='anonymous'

Setting crossOrigin anonymous means AWS can't confirm where the request comes from. So it seems to use this bug you have to have image hotlinking exposure.

@HelgeSverre

If you are getting a CORS error, go into the S3 Bucket, permission tab, CORS properties, and allow access:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "HEAD",
            "GET",
            "PUT",
            "POST"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": []
    }
]

For this to work you need to use checkOrientation: false and add a cross-origin attribute of "anonymous":

<img src="https://some-aws-link-here.com/image.png" crossorigin="anonymous">
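
Added example, not part of the original comments or the project's code: a small JavaScript audit of an S3 CORS configuration in the JSON shape posted above, comparing that rule with one narrowed to read-only access from a single origin. The origin `https://app.example.com` and all function names are assumptions, and the rule matching is a simplified model of how a rule is selected (first rule matching origin and method).

```javascript
// Added example: audit an S3 CORS configuration (JSON shape as posted above).
const WRITE_METHODS = new Set(["PUT", "POST", "DELETE"]);

// An AllowedOrigins entry is an exact origin or contains a single "*" wildcard.
function originMatches(pattern, origin) {
  const star = pattern.indexOf("*");
  if (star === -1) return pattern === origin;
  const prefix = pattern.slice(0, star);
  const suffix = pattern.slice(star + 1);
  return origin.length >= prefix.length + suffix.length &&
    origin.startsWith(prefix) && origin.endsWith(suffix);
}

// Simplified model (assumption): the first rule matching origin and method
// applies. Returns the Access-Control-Allow-Origin value, or null if the
// response would carry no CORS headers (the crossorigin image load then fails).
function allowOriginFor(rules, origin, method) {
  for (const rule of rules) {
    if (!rule.AllowedMethods.includes(method)) continue;
    const hit = rule.AllowedOrigins.find((p) => originMatches(p, origin));
    if (hit !== undefined) return hit === "*" ? "*" : origin;
  }
  return null;
}

// Flag rules that are broader than a read-only image load needs.
function auditCors(rules) {
  const findings = [];
  rules.forEach((rule, i) => {
    const anyOrigin = rule.AllowedOrigins.includes("*");
    const writes = rule.AllowedMethods.filter((m) => WRITE_METHODS.has(m));
    if (anyOrigin) findings.push(`rule ${i}: AllowedOrigins "*" lets scripts on any site read responses`);
    if (anyOrigin && writes.length > 0) {
      findings.push(`rule ${i}: ${writes.join(", ")} accepted cross-origin from any site`);
    }
  });
  return findings;
}

// The rule posted above, and a constructed narrowed rule for a hypothetical site origin.
const postedRules = [{ AllowedHeaders: ["*"], AllowedMethods: ["HEAD", "GET", "PUT", "POST"],
  AllowedOrigins: ["*"], ExposeHeaders: [] }];
const narrowedRules = [{ AllowedHeaders: [], AllowedMethods: ["GET", "HEAD"],
  AllowedOrigins: ["https://app.example.com"], ExposeHeaders: [] }];

console.log(auditCors(postedRules));
console.log(auditCors(narrowedRules));
console.log(allowOriginFor(narrowedRules, "https://other.example", "GET"));
```

An image loaded with `crossorigin="anonymous"` is fetched with GET, which the narrowed rule still allows for the listed origin.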

@developdeez

developdeez commented May 15, 2021 via email

@brendon

brendon commented Apr 12, 2022

@HelgeSverre, shouldn't checkCrossOrigin: true add crossorigin="anonymous" to the image or am I misreading the code? In my experiments it doesn't. It also doesn't add the timestamp to bust the cache.

@brendon

brendon commented Apr 27, 2022

I figured that it doesn't add the timestamp because the image URL is on the same domain as the site, but it redirects off to S3 after that. I still needed to add a timestamp to the local URL for it to work properly in Chrome.
