Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

触发分块上传时就会报403错误 #218

Open
keepchen opened this issue Aug 17, 2024 · 2 comments
Open

触发分块上传时就会报403错误 #218

keepchen opened this issue Aug 17, 2024 · 2 comments

Comments

@keepchen
Copy link

触发分块上传时就会报403错误

SDK version:

"cos-js-sdk-v5": "^1.8.4",

OS:

MacOS 14.5

Browser:

Chrome 127.0.6533.100

经过几次的测试发现,凡是触发了分块上传,header似乎就不全了,比如x-cos-acl就会丢失。
这是我服务器设置的sts权限:

Action: []string{
		//简单上传操作
		"name/cos:PutObject",
		//表单上传对象
		"name/cos:PostObject",
		//分块上传:初始化分块操作
		"name/cos:InitiateMultipartUpload",
		//分块上传:List 进行中的分块上传
		"name/cos:ListMultipartUploads",
		//分块上传:List 已上传分块操作
		"name/cos:ListParts",
		//分块上传:上传分块操作
		"name/cos:UploadPart",
		//分块上传:完成所有分块上传操作
		"name/cos:CompleteMultipartUpload",
		//取消分块上传操作
		"name/cos:AbortMultipartUpload",
	},

Condition: map[string]map[string]interface{}{
		"numeric_less_than_equal": {
			"cos:content-length": 10*1024*1024,
		},
		"string_like": {
			"cos:content-type": "image/*",
		},
		"string_equal": {
			"cos:x-cos-acl": "private",
		},
	},

这是客户端代码:

cos.uploadFile({
        Bucket: bucket,
        Region: region,
        Key: `${space}/${file.name}`,
        Headers: {
            "x-cos-acl": "private",
        },
        Body: file,
        SliceSize: 1024*1024,
        onTaskReady: (taskId) => { console.log('onTaskReady', taskId) },
        onProgress: (data) => {
            console.log('onProgress', JSON.stringify(data));
        },
        onFileFinish: (err, data) => {
            console.log('onFileFinish', JSON.stringify(data), err);
            cb && cb();
        },
    }, (err, data) => { console.log('uploadFile error', err, data) })

附上requestId和TraceId的返回信息方便你们查问题:

<?xml version='1.0' encoding='utf-8' ?>
<Error>
	<Code>AccessDenied</Code>
	<Message>Access Denied.</Message>
	<ServerTime>2024-08-17T04:08:33Z</ServerTime>
	<Resource>/</Resource>
	<RequestId>NjZjMDIyNDFfZWVlZjc4MGJfMjkzNjJfMzBiZTg3MQ==</RequestId>
	<TraceId>OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OTBjYzE2MjAxN2M1MzJiOTdkZjMxMDVlYTZjN2FiMmI0NTZkM2E5M2VhMDJhYmRiMjFmNGRlMGQ5YTgxNzQzYmM=</TraceId>
</Error>

麻烦帮忙排查一下,十分感谢!🙏
@livehigh
Copy link
Collaborator

触发分块上传时就会报403错误

SDK version:

"cos-js-sdk-v5": "^1.8.4",

OS:

MacOS 14.5

Browser:

Chrome 127.0.6533.100

经过几次的测试发现,凡是触发了分块上传,header似乎就不全了,比如x-cos-acl就会丢失。 这是我服务器设置的sts权限:

Action: []string{
		//简单上传操作
		"name/cos:PutObject",
		//表单上传对象
		"name/cos:PostObject",
		//分块上传:初始化分块操作
		"name/cos:InitiateMultipartUpload",
		//分块上传:List 进行中的分块上传
		"name/cos:ListMultipartUploads",
		//分块上传:List 已上传分块操作
		"name/cos:ListParts",
		//分块上传:上传分块操作
		"name/cos:UploadPart",
		//分块上传:完成所有分块上传操作
		"name/cos:CompleteMultipartUpload",
		//取消分块上传操作
		"name/cos:AbortMultipartUpload",
	},

Condition: map[string]map[string]interface{}{
		"numeric_less_than_equal": {
			"cos:content-length": 10*1024*1024,
		},
		"string_like": {
			"cos:content-type": "image/*",
		},
		"string_equal": {
			"cos:x-cos-acl": "private",
		},
	},

这是客户端代码:

cos.uploadFile({
        Bucket: bucket,
        Region: region,
        Key: `${space}/${file.name}`,
        Headers: {
            "x-cos-acl": "private",
        },
        Body: file,
        SliceSize: 1024*1024,
        onTaskReady: (taskId) => { console.log('onTaskReady', taskId) },
        onProgress: (data) => {
            console.log('onProgress', JSON.stringify(data));
        },
        onFileFinish: (err, data) => {
            console.log('onFileFinish', JSON.stringify(data), err);
            cb && cb();
        },
    }, (err, data) => { console.log('uploadFile error', err, data) })

附上requestId和TraceId的返回信息方便你们查问题:

<?xml version='1.0' encoding='utf-8' ?>
<Error>
	<Code>AccessDenied</Code>
	<Message>Access Denied.</Message>
	<ServerTime>2024-08-17T04:08:33Z</ServerTime>
	<Resource>/</Resource>
	<RequestId>NjZjMDIyNDFfZWVlZjc4MGJfMjkzNjJfMzBiZTg3MQ==</RequestId>
	<TraceId>OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OTBjYzE2MjAxN2M1MzJiOTdkZjMxMDVlYTZjN2FiMmI0NTZkM2E5M2VhMDJhYmRiMjFmNGRlMGQ5YTgxNzQzYmM=</TraceId>
</Error>

麻烦帮忙排查一下,十分感谢!🙏

您好,分块上传由几个独立的 api 组合构成,部分请求不带x-cos-acl也是正常表现。可将临时密钥条件键修改:
string_like改为string_like_if_exist
string_equal改为string_equal_if_exist

@keepchen
Copy link
Author

触发分块上传时就会报403错误

SDK version:

"cos-js-sdk-v5": "^1.8.4",

OS:

MacOS 14.5

Browser:

Chrome 127.0.6533.100

经过几次的测试发现,凡是触发了分块上传,header似乎就不全了,比如x-cos-acl就会丢失。 这是我服务器设置的sts权限:

Action: []string{
		//简单上传操作
		"name/cos:PutObject",
		//表单上传对象
		"name/cos:PostObject",
		//分块上传:初始化分块操作
		"name/cos:InitiateMultipartUpload",
		//分块上传:List 进行中的分块上传
		"name/cos:ListMultipartUploads",
		//分块上传:List 已上传分块操作
		"name/cos:ListParts",
		//分块上传:上传分块操作
		"name/cos:UploadPart",
		//分块上传:完成所有分块上传操作
		"name/cos:CompleteMultipartUpload",
		//取消分块上传操作
		"name/cos:AbortMultipartUpload",
	},

Condition: map[string]map[string]interface{}{
		"numeric_less_than_equal": {
			"cos:content-length": 10*1024*1024,
		},
		"string_like": {
			"cos:content-type": "image/*",
		},
		"string_equal": {
			"cos:x-cos-acl": "private",
		},
	},

这是客户端代码:

cos.uploadFile({
        Bucket: bucket,
        Region: region,
        Key: `${space}/${file.name}`,
        Headers: {
            "x-cos-acl": "private",
        },
        Body: file,
        SliceSize: 1024*1024,
        onTaskReady: (taskId) => { console.log('onTaskReady', taskId) },
        onProgress: (data) => {
            console.log('onProgress', JSON.stringify(data));
        },
        onFileFinish: (err, data) => {
            console.log('onFileFinish', JSON.stringify(data), err);
            cb && cb();
        },
    }, (err, data) => { console.log('uploadFile error', err, data) })

附上requestId和TraceId的返回信息方便你们查问题:

<?xml version='1.0' encoding='utf-8' ?>
<Error>
	<Code>AccessDenied</Code>
	<Message>Access Denied.</Message>
	<ServerTime>2024-08-17T04:08:33Z</ServerTime>
	<Resource>/</Resource>
	<RequestId>NjZjMDIyNDFfZWVlZjc4MGJfMjkzNjJfMzBiZTg3MQ==</RequestId>
	<TraceId>OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OTBjYzE2MjAxN2M1MzJiOTdkZjMxMDVlYTZjN2FiMmI0NTZkM2E5M2VhMDJhYmRiMjFmNGRlMGQ5YTgxNzQzYmM=</TraceId>
</Error>

麻烦帮忙排查一下,十分感谢!🙏

您好,分块上传由几个独立的 api 组合构成,部分请求不带x-cos-acl也是正常表现。可将临时密钥条件键修改: string_like改为string_like_if_exist string_equal改为string_equal_if_exist

尝试了一下,没有效果。我选择强制把分块上传禁止了。

谢谢你的协助。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@keepchen @livehigh