From ca15897cac002359a254c432248a9c6b9e66e958 Mon Sep 17 00:00:00 2001 From: Mikael Finstad Date: Tue, 15 Mar 2022 20:47:22 +0800 Subject: [PATCH] remove incorrect s3 documentation (#3571) closes #3565 --- .github/CONTRIBUTING.md | 2 ++ website/src/docs/aws-s3-multipart.md | 4 ++-- website/src/docs/aws-s3.md | 7 +------ 3 files changed, 5 insertions(+), 8 deletions(-) diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 365fe92e72..8370bf7c3c 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -326,6 +326,8 @@ category: "Other Integrations" This data is used to generate Uppy’s website. Refer to [the section about running the website locally](#website-previews) if you’d like to see how the docs look on the website. +Any change of the documentation that involves a security best practice must substantiated with an external reference. See [#3565](https://github.com/transloadit/uppy/issues/3565). + ### Adding an example You can likely use whatever code generation tool for your framework (ex. `create-react-app`) to create this example. Make sure you add the same version of `@uppy/core` to this as your peer dependency required, or you may run into strange issues. Try to include all the components are some of their functionality. [The React example](https://github.com/transloadit/uppy/blob/main/examples/react-example/App.js) is a great... well example of how to do this well. diff --git a/website/src/docs/aws-s3-multipart.md b/website/src/docs/aws-s3-multipart.md index f363ccb7ac..8af37de283 100644 --- a/website/src/docs/aws-s3-multipart.md +++ b/website/src/docs/aws-s3-multipart.md 
@@ -167,9 +167,9 @@ The default implementation calls out to Companion’s S3 signing endpoints. ## S3 Bucket Configuration -S3 buckets do not allow public uploads by default. To allow Uppy to upload to a bucket directly, its CORS permissions need to be configured. This process is described in the [AwsS3 documentation](/docs/aws-s3/#S3-Bucket-configuration). +This process is the same as the one described in the [AWS S3 plugin’s documentation](/docs/aws-s3/#S3-Bucket-configuration), except for a few differences. -While the Uppy AWS S3 plugin uses `POST` requests when uploading files to an S3 bucket, the AWS S3 Multipart plugin uses `PUT` requests when uploading file parts. Additionally, the `ETag` header must also be exposed (in the response): +While the AWS S3 plugin uses `POST` requests when uploading files to an S3 bucket, the AWS S3 Multipart plugin uses `PUT` requests when uploading file parts. Additionally, the `ETag` header must also be exposed (in the response). So the CORS policy needs to look like this: ```json [ diff --git a/website/src/docs/aws-s3.md b/website/src/docs/aws-s3.md index d68e0a6583..ae932c2175 100644 --- a/website/src/docs/aws-s3.md +++ b/website/src/docs/aws-s3.md @@ -128,8 +128,7 @@ module.exports = { ## S3 Bucket configuration -S3 buckets do not allow public uploads by default. -To allow Uppy to upload directly to a bucket, at least its CORS permissions need to be configured, and you potentially need to change some of the _Public access settings_ that provide an extra layer of public access protection even if the correct CORS permissions are in place. +S3 buckets do not allow public uploads for security reasons. To allow Uppy and the browser to upload directly to a bucket, its CORS permissions need to be configured. CORS permissions can be found in the [S3 Management Console](https://console.aws.amazon.com/s3/home). Click the bucket that will receive the uploads, then go into the `Permissions` tab and select the `CORS configuration` button. 
@@ -208,10 +207,6 @@ The final configuration should look something like this (note that it defines tw ] ``` -Even with these CORS rules in place, you browser might still receive HTTP status 403 responses with `AccessDenied` in the response body when it tries to `POST` to your bucket. In this case, within the `Permissions` tab of the [S3 Management Console](https://console.aws.amazon.com/s3/home), choose `Public access settings`. - -It will list general _Public access settings for this bucket_, which can override the rules imposed by your CORS settings. Click on _edit_ to manage these settings. Under _Manage public access control lists (ACLs) for this bucket_, make sure that _Block new public ACLs and uploading public objects (Recommended)_ is unchecked, and _Save_ these settings. - If you are using an IAM policy to allow access to the S3 bucket, the policy must have at least the `s3:PutObject` and `s3:PutObjectAcl` permissions scoped to the bucket in question. In-depth documentation about CORS rules is available on the [AWS documentation site](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html).
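Review bot: the line added to .github/CONTRIBUTING.md is missing a verb: `must substantiated with an external reference` should read `must be substantiated with an external reference`. Since this sentence is the guideline the rest of the PR is justified by, it is worth fixing the wording before merge.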
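Review bot: in the website/src/docs/aws-s3-multipart.md hunk, the replacement line `This process is the same as the one described in the [AWS S3 plugin’s documentation] ..., except for a few differences.` no longer says what "this process" is, because the sentence naming the CORS permissions was removed with it; the next `+` line then jumps to `So the CORS policy needs to look like this:`. Suggest keeping a short lead such as `To allow Uppy to upload to a bucket directly, its CORS permissions need to be configured.` before the cross-reference. The `#S3-Bucket-configuration` anchor still resolves, since the `## S3 Bucket configuration` heading in aws-s3.md is unchanged context in this patch.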
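Review bot: the new sentence in the first website/src/docs/aws-s3.md hunk, `S3 buckets do not allow public uploads for security reasons. To allow Uppy and the browser to upload directly to a bucket, its CORS permissions need to be configured.`, still reads as if the CORS rule is what makes the bucket accept the upload, which is the misconception the rest of this PR removes. Suggest stating that the browser's `POST` is authorized by the signed request obtained from Companion's S3 signing endpoints (mentioned in the multipart hunk's context) and that the CORS rule only permits the browser to make that cross-origin request, so no public access setting has to be relaxed. Adding the AWS CORS link already cited at the end of this file would also satisfy the external-reference requirement this PR adds to CONTRIBUTING.md.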
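Review bot: in the last website/src/docs/aws-s3.md hunk, dropping the advice to uncheck `Block new public ACLs and uploading public objects (Recommended)` is the right call, but the hunk also removes the only troubleshooting note for a `403` response with `AccessDenied` after CORS is configured, and it leaves `s3:PutObjectAcl` in the IAM paragraph with the ACL-related guidance it accompanied now gone. Suggest a one-line replacement saying that a `403 AccessDenied` on the `POST` once the CORS rules are in place points at the bucket policy, IAM policy or signing configuration rather than at CORS, and a qualifier on when `s3:PutObjectAcl` is actually required, each with an external reference as the new CONTRIBUTING.md rule asks.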