Uploading to createPresignedPost returns "Invalid Argument: Authorization"

Generated URL using aws-sdk node.js package.

Tested using amazon s3 and it works properly but with R2 I’m getting a “Invalid Authorization” error.

This is a very important use case as its required to restrict file upload size. I love this service but cannot prevent api abuse without this feature.

As discussed in the Discord, creating a presigned PutObject URL that includes content-length in the signed headers appears to be another way to achieve this.

Sending a 60MB binary to a URL that has content-length: 5 in the signature, overriding the request content-length header to also be 5 and R2/S3 both will only keep the first 5 bytes.

Not entirely sure if this is apart of the S3 spec or just the underlying behaviour of the web servers that front S3/R2 - but likely fine as a workaround in the interim.

1 Like

Same error. We have setup CORS by “putBucketCors” method, and cheked it with “getBucketCors” method. It says CORS is working.

“createPresignedPost” method can generate a url looks like this.
But it returs CORS error.

“getSignedUrlPromise” generates url looks like this.
And CORS seems working propery with this type url, but we need more flexibility to configure “Conditions” which “getSignedUrlPromise” method does not have. ex. “starts-with”.

I would like to know if someone have already suceeded uploading object from “createPresignedPost” method.

Presigned POST isn’t supported.

Thank you for your reply!
Still I need to find a way to upload files from browser with max file size limitation.

I have tested v2 and v3 js-sdk.

With V2, ContentLength is not supported in pre-signed URLs.
It is working without ContentLength header.
Do you know how to configure content-length with V2?

With V3, “getSignedUrl” generates urls and it seems working, but not always.
About 3 out of 10 put request fails because of CORS even though the requests are made with same conditions. It’s so random that I can’t find out what cause CORS error.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.