How to generate AWS S3 pre-signed URL request without knowing Content-Type?

upload file to s3 using pre signed url javascript
s3 multipart upload presigned url
s3 pre signed url example java
aws s3 pre-signed url javascript
s3 content-type
s3 getsignedurl content-type
aws s3 signed url
s3 pre-signed url headers

I am generating in server side a pre-signed URL request with the following parameters for GeneratePresignedUrlRequest : bucket, key, expiration = in 1 hour and method = PUT.

In my Angular app, I am uploading the file using ng-file-upload

    url: $scope.signedUrl,
    method: "PUT",
    headers : {
        'Content-Type': $scope.file.type
    data: $scope.file

The problem is that I always have a 403 response unless I set the type of the file in GeneratePresignedUrlRequest.contentType.

The problem is that I can't predict in advance what type of file the user will choose (image/png, image/jpeg, text/plain...).

How can I generate a pre-signed url that accept all kinds of content-type ? I tried setting it to null, it keeps sending 403 errors.


I just ran into this problem, and just got it working. Replace your Upload.http code with the following:

var reader = new FileReader();
var xhr = new XMLHttpRequest();"PUT", $scope.signedUrl);
reader.onload = function(evt) {

The problem ends up being that S3 is looking for a specific Content-Type (binary/octet-stream), which it infers when you omit the Content-Type header.

Uploading objects using presigned URLs, If you are using Microsoft Visual Studio, you can also use AWS Explorer to generate a presigned object URL without writing any code. Anyone who receives a  To generate a pre-signed URL, use the Presign method on the request object. You must set an expiration value because the AWS SDK for Go doesn’t set one by default. The following example generates a pre-signed URL that enables you to temporarily share a file without making it public. Anyone with access to the URL can view the file.

The value from the Content-Type header is a mandatory component of the signature. It isn't possible to pre-sign a PUT URL without knowing the value that will be sent.

A POST upload is more flexible, since you can allow any Content-Type in the signed policy.

Creating Pre-Signed URLs for Amazon S3 Buckets, You can generate a pre-signed URL for a PUT operation that checks whether users upload the correct content. When the SDK pre-signs a request, it computes​  The above code example shows how to generate a pre-signed POST URL for the file key s3-post.png, and shows the file upload process as well. There are several things to note here:

One possible solution might be if you keep track of the extension? eg: ends with ".jpg" -> content type = "image/jpeg", end with ".zip" -> content type = "application/octet-stream".

Ref: get the filename of a fileupload in a document through javascript

Content Type not enforced in s3 pre-signed POST · Issue #2212 , Content Type not enforced in s3 pre-signed POST #2212. Closed I'm trying to figure out content-type enforcement for s3 presigned post's. I'm currently using the AWS javascript SDK to create pre-signed POST's. (note that this question is NOT about pre-signed PUTs/URLs, another s3 feature). When trying  Generating a pre-signed URL is done entirely on the client side with no interaction with the S3 service APIs. As such, there is no validation that the object actually exists, at the time a pre-signed URL is created. (A pre-signed URL can technically even be created before the object is uploaded).

Dynamically set content-type headers for S3 presigned urls with a , A quick dev tip for working with S3 and fetch POST requests. Dev tip: How to dynamically set content-type headers for S3 presigned urls with a native fetch request Creates a “FormData” object; Adds all the AWS data to it; Adds the file object to the FormData when I spent hours trying to figure out why. Generate a Presigned URL and Upload an Object. Build a S3Presigner object that represents the client object. Next create a PresignedPutObjectRequest object that can be executed at a later time without requiring additional signing or authentication. When you create this object, you can specify the bucket name and the key name.

Overriding Content-Type And Content-Disposition Headers In , when performing a GET request with an Amazon S3 pre-signed (query string authenticated) URL. Then, we're going to create a pre-signed URL that overrides the content-type to be Include my AWS credentials (so they are not in the code). However, we *know* that the meta data provided in the. Presigned URL creation. First, the user makes a request to the /url endpoint (step 1, Figure 1). This in turn triggers a lambda function (step 2, Figure 1) which creates a presigned URL using the S3 API (step 3, Figure 1). A hash is then created from the URL and saved to the bucket (step 4, Figure 1) as a valid signature.

How to use S3 PUT signed URLs, contentType; // Validate the content type if (! There is no call to AWS to generate the signed URL and there are no checks whether the keys  Let’s walk through how to dynamically generate a pre-signed URL using these components. All objects in S3 are private by default and only the object owner has permission to access these objects.