
AWS Fileupload - CORS Problems

Good morning,

We have been using your plugin for several months to upload files to our AWS S3 bucket. The problem is that if we set the following JSON in the CORS configuration, the plugin returns the error RESPOND 0 and does not allow us to upload any file:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "PUT",
            "DELETE",
            "POST"
        ],
        "AllowedOrigins": [
            "MYDOMAIN",
            "MYDOMAIN2"
        ],
        "ExposeHeaders": [
            "ETag"
        ],
        "maxAgeSeconds": 30000
    }
]

The only solution we have found is to allow setting the AllowedOrigins to “*”, but that involves a bit of insecurity in that anyone could upload files to the bucket.

        "AllowedOrigins": [
            "*"
        ],

It also doesn’t work correctly to access the files only from our URL.

I followed the instructions in this url: https://docs.zeroqode.com/plugins/aws-file-uploader-plugin

Could you help us?

Thanks

Hello, @pbenito
Thanks for reaching out.

If I understand you correctly, you want to restrict access to your application for users from outside domains.
It is possible, but the way you indicate the domain is strictly established:

For example, you can use the following JSON for the CORS policy to allow access from your domain only (change the allowed origin to the URL of your app, starting with https://).

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "PUT",
            "DELETE",
            "POST"
        ],
        "AllowedOrigins": [
            "https://yourdomain.com",
            "https://yourdomain.bubbleapps.io"
        ],
        "ExposeHeaders": [
            "ETag"
        ],
        "MaxAgeSeconds": 30000
    }
]

As you can find in this example, you need to indicate the domain with the Bubble path and without it. Please try it :pray:

The documentation provides just our example of the settings, since each AWS user is able to configure the bucket and its policies according to their needs.
Setting up CORS is not a part that is covered by the plugin’s functionality.

You can find more Bucket Policy examples here. Feel free to try out other rules in order to improve your bucket security.

Looking forward to hearing from you soon.
Best regards,
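
The difference between the two configurations in this thread can be checked before a policy is saved. The following is an added example, not code from the plugin or from either poster: `lint_cors` and `origin_allowed` are hypothetical helper names, the two rule sets are copied from the posts above, and the matching logic is a simplified model of how a browser's `Origin` header is compared against `AllowedOrigins`.

```python
import re

# Rule keys as documented for S3 CORS JSON.
S3_CORS_KEYS = {"ID", "AllowedHeaders", "AllowedMethods", "AllowedOrigins",
                "ExposeHeaders", "MaxAgeSeconds"}

def _rule(origins, max_age_key):
    # Builds the rule shape used in both posts; only origins and one key differ.
    return [{"AllowedHeaders": ["*"],
             "AllowedMethods": ["GET", "PUT", "DELETE", "POST"],
             "AllowedOrigins": origins,
             "ExposeHeaders": ["ETag"],
             max_age_key: 30000}]

QUESTION_RULES = _rule(["MYDOMAIN", "MYDOMAIN2"], "maxAgeSeconds")
REPLY_RULES = _rule(["https://yourdomain.com",
                     "https://yourdomain.bubbleapps.io"], "MaxAgeSeconds")

def lint_cors(rules):
    """Return findings for a parsed CORS rule list (empty list = clean)."""
    findings = []
    for i, rule in enumerate(rules):
        for key in rule:
            if key not in S3_CORS_KEYS:
                findings.append(f"rule {i}: {key!r} is not a documented key")
        for origin in rule.get("AllowedOrigins", []):
            if origin == "*":
                findings.append(f"rule {i}: '*' matches every origin")
            elif not re.fullmatch(r"https?://[^/\s]+", origin):
                findings.append(f"rule {i}: {origin!r} is not scheme://host")
    return findings

def origin_allowed(rules, origin, method):
    """Simplified model: does any rule match this Origin header and method?"""
    for rule in rules:
        if method not in rule.get("AllowedMethods", []):
            continue
        for pattern in rule.get("AllowedOrigins", []):
            # '*' in a pattern is a wildcard; everything else is literal.
            regex = re.escape(pattern).replace(r"\*", ".*")
            if re.fullmatch(regex, origin):
                return True
    return False

if __name__ == "__main__":
    print(lint_cors(QUESTION_RULES))
    print(origin_allowed(REPLY_RULES, "https://yourdomain.com", "PUT"))
```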