Can anyone make this work with SignedURLs? #824
Comments
If you are getting a CORS error, go into the S3 Bucket, permission tab, CORS properties, and allow access:

```json
[
  {
    "AllowedHeaders": [
      "*"
    ],
    "AllowedMethods": [
      "HEAD",
      "GET",
      "PUT",
      "POST"
    ],
    "AllowedOrigins": [
      "*"
    ],
    "ExposeHeaders": []
  }
]
```

For this to work you need to use `checkOrientation: false` and add a cross-origin attribute of "anonymous":

```html
<img src="https://some-aws-link-here.com/image.png" crossorigin="anonymous">
```

Thanks for the advice. But unfortunately that means that I have to lower
security for the package. Right now I can't due to client constraint. So
all actions are only available from the site

On Sat, May 15, 2021, 4:38 AM Helge Sverre wrote:

> If you are getting a CORS error, go into the S3 Bucket, permission tab,
> CORS properties, and allow access:
>
> ```json
> [
>   {
>     "AllowedHeaders": [
>       "*"
>     ],
>     "AllowedMethods": [
>       "HEAD",
>       "GET",
>       "PUT",
>       "POST"
>     ],
>     "AllowedOrigins": [
>       "*"
>     ],
>     "ExposeHeaders": []
>   }
> ]
> ```
>
> For this to work you need to use checkOrientation: false and add a
> cross-origin attribute of "anonymous":
>
> ```html
> <img src="https://some-aws-link-here.com/image.png" crossorigin="anonymous">
> ```

@HelgeSverre, shouldn't

I figured that it doesn't add the timestamp because the image URL is on the same domain as the site, but it redirects off to S3 after that. I still needed to add a timestamp to the local URL for it to work properly in Chrome.

Trying to make this work with AWS Signed URLs. It causes a Canvas error. When I switch to use these settings:

```jsx
checkCrossOrigin={false} //Fixes save issue
checkOrientation={false}
crossOrigin='anonymous'
```

Setting crossOrigin anonymous means AWS can't confirm where the request comes from. So it seems to use this bug you have to have image hotlinking exposure.
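
An added example, not part of the original thread or the project's code: a small check that flags what the CORS rules posted in the comments allow and derives a narrower rule set. S3 matches CORS rules against the request's `Origin` header, which the browser still sends for a `crossorigin="anonymous"` image load, so `AllowedOrigins` can name the site instead of `*`. The origin `https://app.example.com` and the assumption that the bucket only needs to be read by the cropper are hypothetical.

```python
import json

# CORS rules as posted in the thread's comments.
POSTED = json.loads("""
[{"AllowedHeaders": ["*"],
  "AllowedMethods": ["HEAD", "GET", "PUT", "POST"],
  "AllowedOrigins": ["*"],
  "ExposeHeaders": []}]
""")

# Assumption: loading an image into a canvas only needs read access.
READ_METHODS = {"GET", "HEAD"}


def audit(rules):
    """Return human-readable findings for a list of S3 CORS rules."""
    findings = []
    for i, rule in enumerate(rules):
        if "*" in rule.get("AllowedOrigins", []):
            findings.append(f"rule {i}: any origin may read responses via CORS")
        writes = sorted(set(rule.get("AllowedMethods", [])) - READ_METHODS)
        if writes:
            findings.append(f"rule {i}: write methods allowed: {', '.join(writes)}")
    return findings


def tighten(rules, site_origin):
    """Pin every rule to one origin and drop non-read methods."""
    tightened = []
    for rule in rules:
        methods = [m for m in rule.get("AllowedMethods", []) if m in READ_METHODS]
        tightened.append({
            "AllowedHeaders": rule.get("AllowedHeaders", []),
            "AllowedMethods": methods or ["GET"],
            "AllowedOrigins": [site_origin],
            "ExposeHeaders": rule.get("ExposeHeaders", []),
        })
    return tightened


if __name__ == "__main__":
    for finding in audit(POSTED):
        print(finding)
    # Hypothetical site origin; replace with the origin that hosts the cropper.
    print(json.dumps(tighten(POSTED, "https://app.example.com"), indent=2))
```

CORS only controls which origins may read the response from script or canvas; access to the object itself is still governed by the signed URL.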