New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support FormPost for uploading directly from the browser #43

robert-bor opened this Issue Jul 30, 2013 · 0 comments


None yet
1 participant

robert-bor commented Jul 30, 2013


It is possible to upload a file directly from the browser to the ObjectStore using FormPost. This is the code in the HTML:

<form action="" method="POST"
    <input type="hidden" name="redirect" value="" />
    <input type="hidden" name="max_file_size" value="104857600" />
    <input type="hidden" name="max_file_count" value="10" />
    <input type="hidden" name="expires" value="1375255337" />
    <input type="hidden" name="signature" value="c264da6ff7910a6a161e2da4b546c3aeee1a3d9a" />
    <input type="file" name="file1" /><br />
    <input type="submit" />

Technical background

JOSS must be capable of generating the signature for FormPost on the basis of the following parameters:

  • path (same mechanism as TempURL)
  • redirect
  • max_file_size
  • max_file_count
  • expires (same mechanism as TempURL)

I got it working in a test setup with this configuration:

path: /v1/AUTH_0fef7424e0f44779abf6e98d0bae9874/installables
max_file_size: 104857600
max_file_count: 10
expires: 1375255337
signature: c264da6ff7910a6a161e2da4b546c3aeee1a3d9a

This python code helps in determining the signature:

import hmac
from hashlib import sha1
from time import time
print '============'
path = '/v1/AUTH_0fef7424e0f44779abf6e98d0bae9874/installables'
print 'path: '+path
redirect = ''
print 'redirect: '+redirect
max_file_size = 104857600
print 'max_file_size: '+str(max_file_size)
max_file_count = 10
print 'max_file_count: '+str(max_file_count)
expires = int(time() + 86400)
print 'expires: '+str(expires)
key = '********'
hmac_body = '%s\n%s\n%s\n%s\n%s' % (path, redirect,
    max_file_size, max_file_count, expires)
signature =, hmac_body, sha1).hexdigest()
print 'signature: '+signature

Note that the official documentation places a '/' at the end of path. This doesn't work.


@ghost ghost assigned robert-bor Jul 30, 2013

robert-bor added a commit that referenced this issue Jul 30, 2013

@robert-bor robert-bor closed this Jul 30, 2013

katta pushed a commit to twxkit/joss that referenced this issue Oct 6, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment