Services Plugins FAQs

AWS uploader insecure objets

Thanks for answering.

I make the change that you recommend and yes, indeed the image is displayed within my website, but it is also displayed outside of it.

We return to the original problem.

The search result is:

  1. Image is displayed on my website on my own domain
  2. Image does not show if I open the URL from another browser window.

This if I update it within “public access blocking settings corresponding to this account”

If I do it from “Block public access (bucket configuration)”.

The image is not accessible from my website and it is not accessible from another browser window.

I assume this happens because the account permissions outweigh the bucket.

Try to make the recommended changes first from the account permissions and what you comment first happens.

From the Bucket configuration, the second thing you comment happens.

If I make the change in both permissions (Account and bucket) the same thing happens as in the first case, the file is accessible from my domain and from another browser.

For what it’s worth, try using the File uploader (Not GUI) and I’m getting this error code.

Which indicates that the file would not be uploading. I don’t know if this has something to do with the main problem. I guess so, because this is also related to permissions.

Captura de Pantalla 2021-05-17 a la(s) 22.12.48

Captura de Pantalla 2021-05-17 a la(s) 22.13.21

Hello, @maxi
Thanks for your request.

In order to fix the appeared issue and to clarify the Access rules for your bucket, please allow me to recommend this documentation: https://keithweaverca.medium.com/only-allowing-access-to-your-s3-bucket-via-your-website-5ca5c8546152

Here you can find some useful states regarding the specific CORS and IAM user access.

Please carefully analyze it and let me know if it was helpful for you.
Regards,

Check the documentation that tells me but it is more of the same.

I attach images in which you can see that the CORS is the same and as for the other IAM user permissions it is also all correct.

It is frustrating since I buy the plugin based on their documentation and pay the $ 85 but the plugin does not work as described in their documentation. I followed the steps in the officially provided documents so I did not touch absolutely anything that could be interfering with the correct configuration of the plugin.

He told me that a team of you checked the permissions in S3 and that the problem was solved and without touching anything on my part I verify that the problem persists.

Which makes me think or the documentation was outdated and the plugin only allows uploading and displaying files in public buckets or deliberately reporting incorrectly in the documentation and then not knowing how to solve the derived problems.

I have been trying to solve this problem for more than 1 month and the putting into production of my project is stopped due to this inconvenience since when looking for a hosting solution I opted for AWS using its plugin after carefully reading all the documentation and testing the online demo .

I do not see from the support team and without offending that they are providing a real solution since they only tell me “change this” and it is something that we had already changed a month ago.

We continue going around in circles and my launch is delayed for 3 weeks due to not being able to solve this problem.

I could ask the developer to create the plugin that I assume he understands its operation well, if he can enter my S3 with the access data that I send him by mail to correct the problem or definitely tell me if this has no solution and that he informed him in his documentation is false and if there is no solution, it would be really nice after so many problems that they will return the money paid since the lost time I will not be able to recover

I appreciate what you are doing with all my heart, but it is not working and I really have no more time to waste because this delay is costing me money.

Thanks

Hi @Ecaterina

This morning I decided to try all the steps again creating a new bucket, permissions, etc. to check if maybe, I had made a mistake.

But the problem persists even with the new bucket.

I really need to move forward with my project and this is a problem. I propose to use public access to continue advancing while you evaluate options to solve this problem since looking in the forum I found that other users of the plugin have the same or similar problems.

They can use the data I send them to access my bucket and test everything they need, I am going to use the new bucket to put my project into production and as soon as they can solve it I would ask them to replicate the solution in my new bucket so as not to have have to move all the files from one place to another.

I only ask that you really look and find a solution and not just file my problem since as I said it is the problem of several that we trust and invest our money in their plugins or templates and it would be really horrible to see that they cannot deal with the problems of their customers.

Is this solution okay?

Hello, @maxi

Please let me assure you that I understand your frustration. But also let me please make clearer a few moments.

  1. Your initial request was referring to the AWS plugin’s functionality, specifically - you were looking for help with granding the access to your bucket’s files only to users from your domain.

We checked your application after your request and set the correct AWS Policy Rules. After some tests, we defined that the image links (URLs) are visible only for users from your domain, as per your request.

  1. Your second request was to help you find the way to display protected images from your bucket via Bubble’s image element in your app (images with the specific domain access protection).

From our side, we have tried to investigate this case in an attempt to find a workaround or a solution for your request. But please take into consideration that, unfortunately, we can not affect the ability of Bubble’s image element to display the protected AWS links. It means, that from our side we cannot change the opportunity of the Bubble’s image element to be able to have the access to a protected file on your AWS bucket and, as a result, to display the image within your app only for the users who’s access rights allow to see the protected image. This is beyond our plugin functionality and the service we can provide.

We do understand your situation and still willing to help you. For this reason, our team is working on an investigation of your use case.

So, if you don’t mind, we’d like to continue an investigation of your second request and in case if we find any useful info or possible workaround - I let you know immediately.

Thank you for the understanding and your time. We will revert to you ASAP. :pray:
Best regards,

Hi Ecaterina,

I think there is a slight confusion.

My first requirement was to show the images uploaded from the plugin in my S3 on my website with my specific domain.

And there is no other requirement.

It is assumed that if the images could be displayed within my website with my specific domain, I could display them in a bubble image component, or how else would it be possible to display them?

So it is not a special use case.

  1. Upload image to S3
  2. Image can be viewed on my website (domain.com) (image component is the only way to display an image within Bubble).
  3. Image cannot be seen outside of my domain

At no time do I change my requirement, I only clarify it so that it is understood that I am not asking for different things.

Anyway, I will wait until you can investigate the situation and give me a solution since I am sure that the problem is in the way in which the plugin uses the S3 permissions.

Consulting other developers they told me that it may be necessary to sign the domain and cookies with ClouFront for it to work, but I don’t know if this would work with their plugin. Maybe Zeroqode team can check this?

Hello, @maxi
Thanks for the details.

I apologize, but I’m sure that your initial request was related to the possibility to deny access for outsider users to the files, which were downloaded to your AWS Bucket.

Anyway, please allow me to remind you that AWS File Uploader Plugin allows you or your users to upload files from Bubble apps directly to your AWS (Amazon Web Services) S3 Bucket without any file size limits.

The plugin comes with the multi-file uploader element as well as the S3 objects element that returns a list of all the files uploaded to your AWS S3 bucket or a special folder on that bucket. The plugin also allows you to delete S3 objects from your bucket.

So, this plugin is a bridge between your application and the AWS Bucket ( file storage). To prevent any actions with your files from outsiders, AWS allows you to protect your files by setting different policy rules.

We have investigated your case and came to the following conclusion:

There is no issue with the plugin. It fully performs its function, namely, upload files from Bubble apps directly to your AWS (Amazon Web Services) S3 Bucket without any file size limits.

The main issue is that you try to display the link to the file, which already was uploaded to your AWS Bucket ( protected by privacy rules), into the Image Component, which cannot display the private link. Unfortunately, this is impossible.

Please allow me to recommend your next workflow:
Upload an images\videos on your website without taking the link from the AWS (directly to the image component) just add conditions ( this element is hidden if the user is not logged in ) for every required element.
In case you are willing to use AWS Bucket for this process, you can’t deny access to your bucket files.

We are sorry for this experience, however, we have done our best to investigate it.
Best regards,

Thanks for your reply Ecaterina,

I appreciate that they reviewed my case but I can’t quite understand something

According to you, the plugin works perfectly because it works to upload files to my S3 bucket.

At no time did I question this about the plugin (although other things such as deleting the files did not work).

What I always consulted was how I could achieve that the files hosted in my S3 bucket, which were uploaded from the plugin, could be accessible only from my main domain, and that in case someone copied and pasted the link in another browser, could not see the file.

Their main response was to go to the plugin documentation, specifically to sections 3 and 4 of the documentation, where they talk about IAM Security Roles and AWS S3 Bucket located on the desired server.

Here is the image of your response at that time.

In this part of the document it clearly shows the example of what I want to achieve and what I cannot achieve.

According to their own documentation, if I apply the steps indicated in the document, I should be able to protect my files so that they are only accessible from my domain.

I attach an image of this point in your documentation.

Apply the indicated steps and the result I got was not what you indicated in the plugin documentation.

I got in touch with you to try to solve the problem, after much explaining the situation and going around between the permissions and not getting the result described in your documentation, I gave you access to my S3 account and my Bubble application so that you they could check it themselves.

In his own words the problem was solved, the plugin loaded the files in S3 and showed them in my bubble application, but they were not accessible from outside my domain.

Attached capture of his answer.

The problem according to you was solved, but at the time of testing the problem persisted.

After explaining again what I needed, making more changes to my Amazon account and continuing to invest time in solving this problem, you tell me that what I want to achieve is not possible.

Which brings me to two points.

First, why does your documentation show exactly what I want to achieve and what you say is not possible?

Why do they put something in the official documentation that is not real?

And the second point, if it is true that what I am trying to achieve is not possible, why did it take a month and a half to indicate the correct answer?

Honestly, at this point the only thing I can think of is that they really have no idea, or are not interested in solving this problem.

If indeed the solution was not possible, they would have told me in the first message and not a month and a half later.

If indeed a “technical team” made the settings on my S3 and bubble account, they should have realized that what I was trying to do was not possible.

Maybe you can disagree with everything that I expose in this message and that’s fine, from your company they will have their own look at the inconvenience, but this is still something serious since i pay for a complement based on the information that you provide in its documentation and sales pages.

Now it turns out that this information is false or incomplete, and as if it was not enough to lose my money, I also had to waste my time and after more than a month, I realized that the support team never treated my case in a way real and conscious, since if it had been so, we would have reached the answer that you gave me in your last message more than a month ago.

I leave this message here in case someone else wishes to purchase a product from your company, they have the right to know the type of support they will receive and the type of product they will obtain.

Thanks.

Hello, @maxi
Please forgive us for the late reply.

We were investigating your particular request ( the files hosted in my S3 bucket, which were uploaded from the plugin, could be accessible only from my main domain, and that in case someone copied and pasted the link in another browser, could not see the file ) and we have the result.
Please accept this as a possible solution for your case.

  1. you have to restrict the access in your bucket (Block Public Access) as per this screenshot (screen 1)

  2. and add your domain under the “Allowed Origins” (under the Cross-origin resource sharing) (screen 2)

We are sorry for this awful misunderstanding, but we were just trying to point out that the setting up of the CORS is not the part that should be covered by the plugin’s functionality.
Each user is free to set up its CORS policies as per his user case/desire and the plugin creator/support is not in charge of providing the guidelines of this process.

I hope that the provided instruction above will be useful for you and helps you to achieve your goal.

We are sorry for the experience with our plugin.
Best regards,