You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My use case is as follows: the frontend requests to upload a file to the server (including file integrity information such as MD5 and SHA1). The server then generates a pre-signed URL for upload, and the frontend uses this URL to upload the file to object storage.
However, when generating the pre-signed URL, why not set the headers first and then calculate the signature? Wouldn't this ensure that the MD5, SHA1, and other integrity information are included in the signature? Alternatively, if headers are not set, how does the current implementation guarantee that the file requested for upload is the same file actually uploaded?
(I readthe code in the file api.go from line 824 to line 853. If it's about obtaining the upload URL, the newRequest function returns at line 844 and won't reach line 853.)
The text was updated successfully, but these errors were encountered:
My use case is as follows: the frontend requests to upload a file to the server (including file integrity information such as MD5 and SHA1). The server then generates a pre-signed URL for upload, and the frontend uses this URL to upload the file to object storage.
However, when generating the pre-signed URL, why not set the headers first and then calculate the signature? Wouldn't this ensure that the MD5, SHA1, and other integrity information are included in the signature? Alternatively, if headers are not set, how does the current implementation guarantee that the file requested for upload is the same file actually uploaded?
(I readthe code in the file api.go from line 824 to line 853. If it's about obtaining the upload URL, the newRequest function returns at line 844 and won't reach line 853.)
The text was updated successfully, but these errors were encountered: