@aws-sdk/s3-request-presigner 3.598.0 → 3.600.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +49 -0
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -91,4 +91,53 @@ to `presigned` is not sufficient to make a request. You need to send the
|
|
|
91
91
|
server-side encryption headers along with the url. These headers remain in the
|
|
92
92
|
`presigned.headers`
|
|
93
93
|
|
|
94
|
+
### Get Presigned URL with headers that cannot be signed
|
|
95
|
+
|
|
96
|
+
By using the `getSignedUrl` with a `S3Client` you are able to sign your
|
|
97
|
+
headers, improving the security of presigned url. Importantly, if you want to
|
|
98
|
+
sign any `x-amz-*` headers (like the ChecksumSHA256 header in this example),
|
|
99
|
+
you need to provide those headers to the set of `unhoistableHeaders` in the
|
|
100
|
+
`getSignedUrl` params which will force those headers to be present in the
|
|
101
|
+
upload request.
|
|
102
|
+
|
|
103
|
+
```javascript
|
|
104
|
+
import { PutObjectCommand, S3Client } from "@aws-sdk/client-s3";
|
|
105
|
+
import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
|
|
106
|
+
|
|
107
|
+
const s3Client = new S3Client({ region: "us-east-1" });
|
|
108
|
+
const command = new PutObjectCommand({
|
|
109
|
+
Bucket: bucket,
|
|
110
|
+
Key: key,
|
|
111
|
+
ChecksumSHA256: sha,
|
|
112
|
+
});
|
|
113
|
+
|
|
114
|
+
const presigned = getSignedUrl(s3Client, command, {
|
|
115
|
+
expiresIn: expiration,
|
|
116
|
+
// Set of all x-amz-* headers you wish to have signed
|
|
117
|
+
unhoistableHeaders: new Set(["x-amz-checksum-sha256"]),
|
|
118
|
+
});
|
|
119
|
+
```
|
|
120
|
+
|
|
121
|
+
### Get Presigned URL with headers that should be signed
|
|
122
|
+
|
|
123
|
+
For headers that are not `x-amz-*` you are able to add them to the set of
|
|
124
|
+
`signableHeaders` to be enforced in the presigned urls request.
|
|
125
|
+
|
|
126
|
+
```javascript
|
|
127
|
+
import { PutObjectCommand, S3Client } from "@aws-sdk/client-s3";
|
|
128
|
+
import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
|
|
129
|
+
|
|
130
|
+
const s3Client = new S3Client({ region: "us-east-1" });
|
|
131
|
+
const command = new PutObjectCommand({
|
|
132
|
+
Bucket: bucket,
|
|
133
|
+
Key: key,
|
|
134
|
+
ContentType: contentType,
|
|
135
|
+
});
|
|
136
|
+
|
|
137
|
+
const presigned = getSignedUrl(s3Client, command, {
|
|
138
|
+
signableHeaders: new Set(["content-type"]),
|
|
139
|
+
expiresIn: expiration,
|
|
140
|
+
});
|
|
141
|
+
```
|
|
142
|
+
|
|
94
143
|
For more information, please go to [S3 SSE reference](https://docs.aws.amazon.com/AmazonS3/latest/dev/KMSUsingRESTAPI.html)
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aws-sdk/s3-request-presigner",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.600.0",
|
|
4
4
|
"scripts": {
|
|
5
5
|
"build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
|
|
6
6
|
"build:cjs": "node ../../scripts/compilation/inline s3-request-presigner",
|
|
@@ -31,7 +31,7 @@
|
|
|
31
31
|
"tslib": "^2.6.2"
|
|
32
32
|
},
|
|
33
33
|
"devDependencies": {
|
|
34
|
-
"@aws-sdk/client-s3": "3.
|
|
34
|
+
"@aws-sdk/client-s3": "3.600.0",
|
|
35
35
|
"@smithy/hash-node": "^3.0.1",
|
|
36
36
|
"@tsconfig/recommended": "1.0.1",
|
|
37
37
|
"@types/node": "^16.18.96",
|