Best practise for direct-to-R2 uploads from browser?

(Note - had to obscure the links because it’s a brand new account and the spambot got me)

I’m implementing direct uploads from the browser. My first approach seems to have come unravelled because there’s no support for CORS headers in R2 as yet. The idea was:

  1. Service on my existing backend to provide a temporary, secure post url using the S3 compatibility and getSignedURL
  2. Post to that URL from browser

1 was easy enough using this guide:

https ://developers.Cloudflare.com/r2/examples/aws-sdk-js-v3/

But 2 doesn’t work due to lack of CORS settings. Unless I’m missing something?

Can I work around this with a worker?

I’m aware of this guide: https ://developers.Cloudflare.com/r2/get-started

But that suggests a different strategy for auth and I’d rather not have to re-implement. Is there an API available from the worker to authenticate the S3-style signed URL?

Thanks!