Ghostery breaks direct Amazon S3 uploads that use pre-signed URLs #263
Assignees
Comments
rbjarnason
changed the title
|
@rbjarnason Thanks for the heads up. This looks like a false-positive in our anti-tracking system. We're currently working on a fix. |
|
We've updated our whitelist implementation on the anti-tracking back-end to fix this issue. @rbjarnason Could you please test and let us know if the problem is resolved? |
|
@christophertino This works now, thanks for a quick response, I'm closing the ticket. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
We've been adding video upload features to our open source citizens participation application. After quite a bit of debugging we've found that Ghostery blocks our direct uploads to Amazon S3 using pre signed URLs. The reason is that Ghostery rewrites the outgoing PUT query string parameter from "x-amz-acl: bucket-owner-full-control" to "x-amz-acl: ghostery" invalidating the signature on that URL.
Here is the relevant code from our side: https://github.com/CitizensFoundation/your-priorities-app/blob/master/client_app/src/yp-file-upload/yp-file-upload.html#L759
Expected Behavior
We expect Ghostery not to rewrite our x-amz-acl query parameter to ghostery and to be able to upload files directly to S3 without 403 errors.
Actual Behavior
Ghosty rewrites the query string parameter from "x-amz-acl: bucket-owner-full-control" to "x-amz-acl: ghostery" invalidating the signature on that URL.
Steps to Reproduce
Versions
The text was updated successfully, but these errors were encountered: