PUT signed URL include mimetype and content length for improved security? #74

Open
alexcroox opened this issue Oct 15, 2024 · 0 comments

I'm looking to replace the S3 SDKs with this library and one item I can't work out from the examples is how to make content length and mime type part of the signing request so the client cannot upload a huge file to the key, or a malicious mime type.

Here is my current S3 SDK signing request I'm looking to replace:

  return await getSignedUrl(
    client,
    new PutObjectCommand({ Bucket: media.bucket, Key: key, ContentType: mimeType }),
    {
      expiresIn: expiresSeconds
    }
  )

What I have so far:

const endpoint = new URL(key, `https://${media.bucket}.${media.accountId}.r2.cloudflarestorage.com`)

endpoint.searchParams.set('X-Amz-Expires', expiresSeconds.toString())

const { url } = await client.sign(endpoint, {
  method: 'PUT',
  aws: { signQuery: true }
})

Thanks!
