Invalid policy document or request headers

不问归期 submitted on 2019-12-11 20:38:23

Question


I have been struggling to see some light on Fine Uploader and getting "Invalid policy document or request headers!"

My JavaScript

var s3Uploader = new qq.s3.FineUploader({
    debug: true,
    element: document.getElementById('fine-uploader-s3'),
    template: 'qq-template-s3',
    request: {
        endpoint: "http://xx_mybucket_xx.s3.amazonaws.com",
        accessKey: "xx_my_access_public_key_xx"
    },
    signature: {
        endpoint: "http://localhost/app/ci/php-s3-server/endpoint-cors.php"
    },
    uploadSuccess: {
        endpoint: "http://localhost/app/ci/php-s3-server/endpoint-cors.php?success",
        params: {
            isBrowserPreviewCapable: qq.supportedFeatures.imagePreviews
        }
    }
});

In my endpoint-cors.php

$clientPrivateKey = 'xx_my_access_secret_key_xx';
..
$serverPublicKey = 'xx_my_aws_admin_public_key_xx';
$serverPrivateKey = 'xx_my_aws_admin_private_key_xx';
...
$expectedBucketName = 'xx_mybucket_xx';
$expectedHostName = 'http://s3.amazonaws.com'; 

function handleCorsRequest() {  
    header('Access-Control-Allow-Origin: http://localhost');
}

AWS policy for the user with key xx_my_access_public_key_xx/xx_my_access_secret_key_xx

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::xx_mybucket_xx/*"
        }
    ]
}

AWS CORS

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>POST</AllowedMethod>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedMethod>DELETE</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <ExposeHeader>ETag</ExposeHeader>
        <AllowedHeader>*</AllowedHeader>
        <AllowedHeader>x-amz-acl</AllowedHeader>
        <AllowedHeader>x-amz-meta-qqfilename</AllowedHeader>
        <AllowedHeader>x-amz-date</AllowedHeader>
        <AllowedHeader>authorization</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

Request Header

Request URL:http://localhost/app/ci/php-s3-server/endpoint-cors.php
Request Method:POST
Status Code:200 OK
Remote Address:[::1]:80
Response Headers
Access-Control-Allow-Origin:http://localhost
Connection:Keep-Alive
Content-Length:16
Content-Type:application/json
Date:Mon, 28 Mar 2016 21:10:38 GMT
Keep-Alive:timeout=5, max=98
Server:Apache/2.4.18 (Win32) OpenSSL/1.0.2e PHP/7.0.1
X-Powered-By:PHP/7.0.1
Request Headers
Accept:application/json
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:295
Content-Type:application/json; charset=UTF-8
Cookie:wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_f20b39b0cd3496e33513d2bacf01cb08=testuser%7C1459195033%7CKXV9QrEMyDcLAYJlaGTgICQ74f8iTwm5yUxGjR0SvO0%7C96cdcd43f9a8bb882ca9603a76e08da613398daa202a5b5a1674b5f28ef899a9; PHPSESSID=5bhdaq99o6pa0cagp6d0rsq9s2; _ga=GA1.1.446199661.1458860695
Host:localhost
Origin:http://localhost
Referer:http://localhost/app/ci/s3.fine-uploader/templates/s3test.html
User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
Request Payload
{expiration: "2016-03-28T21:15:38.137Z",…}
conditions: [{acl: "private"}, {bucket: "xx_mybucket_xx"}, {Content-Type: "image/png"},…]
expiration: "2016-03-28T21:15:38.137Z"

Response

{"invalid":true}

Answer 1:


The response from your server indicates that the server is rejecting the signature request. If you are using the example PHP S3 signature server code provided in the Fine Uploader GitHub repo, the request will be rejected for one or more of the following reasons:

  • Bucket associated with the request does not match the value you have set for the $expectedBucketName variable in your PHP file. This could happen if the bucket name you have provided is not correct. Check and be sure the bucket name you have provided is accurate.

  • Size of the file is greater than the value you have specified for $expectedMaxSize. You should set this to null if you don't want to validate size, or a specific number in bytes if you do want to restrict files to a certain size.

Also, there doesn't appear to be any reason for you to use endpoint-cors.php. Based on the JS you have posted, all requests to your signature server are same-origin. You should be using endpoint.php.
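The two checks listed in the answer, written out as an added Node.js example (not code from the original post or from the Fine Uploader repo): a signature endpoint that validates the client-supplied policy before signing it with the secret key. The config object, the function names, the `problems` field and the "max must not exceed the expected size" comparison are assumptions made for illustration; the signing step assumes AWS signature version 2 for POST policies (HMAC-SHA1 over the base64-encoded policy).

```javascript
const crypto = require("crypto");

// Constructed configuration; bucket placeholder taken from the question.
const config = {
  expectedBucketName: "xx_mybucket_xx",
  expectedMaxSize: 5000000, // bytes (constructed value); null disables the size check
  clientSecretKey: "constructed-demo-secret", // stays on the server, never sent to the browser
};

// Returns the reasons a policy must not be signed (empty array = acceptable).
function policyProblems(policy, cfg) {
  const conditions = policy && Array.isArray(policy.conditions) ? policy.conditions : [];
  let bucket = null;
  let maxSize = null;
  for (const c of conditions) {
    if (Array.isArray(c)) {
      // S3 POST policy form: ["content-length-range", min, max]
      if (c[0] === "content-length-range") maxSize = Number(c[2]);
    } else if (c && typeof c === "object" && "bucket" in c) {
      bucket = c.bucket;
    }
  }
  const problems = [];
  if (bucket !== cfg.expectedBucketName) problems.push("bucket mismatch");
  if (cfg.expectedMaxSize !== null) {
    if (maxSize === null) problems.push("missing content-length-range");
    else if (!(maxSize <= cfg.expectedMaxSize)) problems.push("size limit too large");
  }
  return problems;
}

// Signs only policies that pass validation, so the secret key never
// authorizes a bucket or upload size the server did not intend.
function handleSignatureRequest(policy, cfg) {
  const problems = policyProblems(policy, cfg);
  if (problems.length > 0) return { invalid: true, problems };
  const encoded = Buffer.from(JSON.stringify(policy)).toString("base64");
  const signature = crypto.createHmac("sha1", cfg.clientSecretKey).update(encoded).digest("base64");
  return { policy: encoded, signature };
}

// Policy shaped like the request payload in the question (elided parts omitted).
const samplePolicy = {
  expiration: "2016-03-28T21:15:38.137Z",
  conditions: [{ acl: "private" }, { bucket: "xx_mybucket_xx" }, { "Content-Type": "image/png" }],
};
console.log(handleSignatureRequest(samplePolicy, config));
```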



Source: https://stackoverflow.com/questions/36271537/invalid-policy-document-or-request-headers
