Invalid policy document or request headers
【Posted】: 2016-03-28 21:30:39
【Question】: I have been struggling to see some light with Fine Uploader and receive "Invalid policy document or request headers!"
My JavaScript:
var s3Uploader = new qq.s3.FineUploader({
    debug: true,
    element: document.getElementById('fine-uploader-s3'),
    template: 'qq-template-s3',
    request: {
        endpoint: "http://xx_mybucket_xx.s3.amazonaws.com",
        accessKey: "xx_my_access_public_key_xx"
    },
    signature: {
        endpoint: "http://localhost/app/ci/php-s3-server/endpoint-cors.php"
    },
    uploadSuccess: {
        endpoint: "http://localhost/app/ci/php-s3-server/endpoint-cors.php?success",
        params: {
            isBrowserPreviewCapable: qq.supportedFeatures.imagePreviews
        }
    }
});
In my endpoint-cors.php:
$clientPrivateKey = 'xx_my_access_secret_key_xx';
..
$serverPublicKey = 'xx_my_aws_admin_public_key_xx';
$serverPrivateKey = 'xx_my_aws_admin_private_key_xx';
...
$expectedBucketName = 'xx_mybucket_xx';
$expectedHostName = 'http://s3.amazonaws.com';
function handleCorsRequest() {
    header('Access-Control-Allow-Origin: http://localhost');
}
AWS policy for the user with the keys xx_my_access_public_key_xx/xx_my_access_secret_key_xx:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::xx_mybucket_xx/*"
        }
    ]
}
AWS CORS
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<ExposeHeader>ETag</ExposeHeader>
<AllowedHeader>*</AllowedHeader>
<AllowedHeader>x-amz-acl</AllowedHeader>
<AllowedHeader>x-amz-meta-qqfilename</AllowedHeader>
<AllowedHeader>x-amz-date</AllowedHeader>
<AllowedHeader>authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Request headers
Request URL:http://localhost/app/ci/php-s3-server/endpoint-cors.php
Request Method:POST
Status Code:200 OK
Remote Address:[::1]:80
Response Headers
view source
Access-Control-Allow-Origin:http://localhost
Connection:Keep-Alive
Content-Length:16
Content-Type:application/json
Date:Mon, 28 Mar 2016 21:10:38 GMT
Keep-Alive:timeout=5, max=98
Server:Apache/2.4.18 (Win32) OpenSSL/1.0.2e PHP/7.0.1
X-Powered-By:PHP/7.0.1
Request Headers
view source
Accept:application/json
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:295
Content-Type:application/json; charset=UTF-8
Cookie:wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_f20b39b0cd3496e33513d2bacf01cb08=testuser%7C1459195033%7CKXV9QrEMyDcLAYJlaGTgICQ74f8iTwm5yUxGjR0SvO0%7C96cdcd43f9a8bb882ca9603a76e08da613398daa202a5b5a1674b5f28ef899a9; PHPSESSID=5bhdaq99o6pa0cagp6d0rsq9s2; _ga=GA1.1.446199661.1458860695
Host:localhost
Origin:http://localhost
Referer:http://localhost/app/ci/s3.fine-uploader/templates/s3test.html
User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
Request Payload
view source
expiration: "2016-03-28T21:15:38.137Z",…
conditions
:
[acl: "private", bucket: "xx_mybucket_xx", Content-Type: "image/png",…]
expiration
:
"2016-03-28T21:15:38.137Z"
Response
{"invalid":true}
【Question discussion】:
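【Answer 1】: The response from the server indicates that the server rejected the signature request. If you are using the example PHP S3 signature server code provided in the Fine Uploader GitHub repo, the request will be rejected for one or more of the following reasons:
- The bucket associated with the request does not match the value you set for the $expectedBucketName variable in your PHP file. This can happen if you supplied an incorrect bucket name. Check to make sure the bucket name you supplied is accurate.
- The file size is greater than the value you specified for $expectedMaxSize. If you do not want to validate size, you should set this to null, or if you do want to restrict files to a specific size, you should set it to a specific number in bytes.
Also, there doesn't appear to be any reason for you to use endpoint-cors.php. Based on the JS you posted, all requests to your signature server are same-origin. You should use endpoint.php.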
【Discussion】:
I have verified that the value specified for $expectedBucketName matches the AWS bucket name. I have not set any value for S3_MAX_FILE_SIZE, so $expectedMaxSize defaults to null. When changing to endpoint.php ... I receive ... [Fine Uploader 5.5.0] Error attempting to parse signature response: SyntaxError: Unexpected token
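The two rejection reasons listed in the answer, written as a check that reports which one fired instead of a bare {"invalid":true}. This is an added example in JavaScript, not part of the original thread and not Fine Uploader's PHP server code; policyRejectionReasons, samplePolicy and the content-length-range entry in the sample are assumptions made for illustration, and the check goes slightly beyond the answer by also covering the array form of S3 policy conditions.

```javascript
// Added example; function and variable names are hypothetical.
// Returns the reasons a signing endpoint should refuse a client-supplied
// S3 POST policy. expectedMaxSize === null turns the size check off.
function policyRejectionReasons(policy, expectedBucket, expectedMaxSize) {
  if (!policy || !Array.isArray(policy.conditions)) {
    return ["policy has no conditions array"];
  }
  const buckets = [];
  const maxSizes = [];
  const reasons = [];
  for (const cond of policy.conditions) {
    if (Array.isArray(cond)) {
      const [op, second, third] = cond;
      if (op === "content-length-range") {
        maxSizes.push(Number(third)); // ["content-length-range", min, max]
      } else if (second === "$bucket") {
        if (op === "eq") buckets.push(third); // ["eq", "$bucket", name]
        else reasons.push(`bucket condition "${op}" is not an exact match`);
      }
    } else if (cond && typeof cond === "object" && "bucket" in cond) {
      buckets.push(cond.bucket); // { bucket: name }
    }
  }
  if (buckets.length === 0) reasons.push("no bucket condition");
  for (const b of buckets) {
    if (b !== expectedBucket) reasons.push(`bucket "${b}" is not "${expectedBucket}"`);
  }
  if (expectedMaxSize !== null) {
    if (maxSizes.length === 0) reasons.push("no content-length-range condition");
    for (const m of maxSizes) {
      // NaN fails this comparison too, so a malformed limit is rejected.
      if (!(m <= expectedMaxSize)) reasons.push(`max size ${m} exceeds ${expectedMaxSize}`);
    }
  }
  return reasons;
}

// Constructed sample, shaped like the request payload in the question;
// the content-length-range entry is an assumption added for the size check.
const samplePolicy = {
  expiration: "2016-03-28T21:15:38.137Z",
  conditions: [
    { acl: "private" },
    { bucket: "xx_mybucket_xx" },
    { "Content-Type": "image/png" },
    ["content-length-range", "0", "5000000"],
  ],
};

console.log(policyRejectionReasons(samplePolicy, "xx_mybucket_xx", null));  // accepted: []
console.log(policyRejectionReasons(samplePolicy, "wrong_bucket", 1000000)); // two reasons
```

Logging the returned reasons on the server side makes it clear which condition caused the rejection, since the client only sees that the policy was invalid.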