Browser Uploads to Walrus using HTML POST Forms does not work.

Bug #682564 reported by Hirokazu Shimaoka on 2010-11-29
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Eucalyptus
Fix Committed
Undecided
Neil Soman

Bug Description

Problem Summary:
I can't upload to Walrus using HTML POST Forms.
Because the UploadPolicyChecker checks all fields including AWSAccessKeyId, signature, policy and files.
Amazon S3 does not check these fields.
In addition, it seemed that the policy mast include "Content-Type" and "content-type".

Applies To:
eucalyptus-2.0.1-src-offline.tar.gz

For examples:
The responce of this Post form is Failure 403.

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<form action="http://localhost:8773/services/Walrus/test" method="post" enctype="multipart/form-data">
<input type="text" name="key" value="testfile.txt" />
<input type="text" name="acl" value="public-read" />
<input type="text" name="content-type" value="text/plain" />
<input type="hidden" name="AWSAccessKeyId" value="ACCESS_KEY" />
<input type="hidden" name="policy" value="POLICY_DOCUMENT_BASE64_ENCODED" />
<input type="hidden" name="signature" value="CALCULATED_SIGNATURE" />
<input name="file" type="file" />
<input name="submit" value="Upload" type="submit" />
</form>
</body>
</html>

Failure: 403 Forbidden
com.eucalyptus.auth.login.AuthenticationException: All fields except those marked with x-ignore- should be in policy.

Related branches

Changed in eucalyptus:
assignee: nobody → Neil Soman (neilsoman)
Neil Soman (neilsoman) wrote :

AWSAccessKeyId, signature, file, policy, submit are actually ignored by UploadPolicyChecker.

There was an issue with "content-type" being included twice (once as "Content-Type" and then again as "content-type").

Fixed in revno 1261.

Changed in eucalyptus:
status: New → Fix Committed
Andy Grimm (agrimm) wrote :

This issue is now being tracked upstream at http://eucalyptus.atlassian.net/browse/EUCA-2746

Please watch that issue for further updates.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers