r2-bucket-uploader icon indicating copy to clipboard operation
r2-bucket-uploader copied to clipboard

Published 20 hours ago verified publisher icon datopian

Allow only upload specific file type

Open newyork58 opened this issue 11 months ago • 1 comments

The issue is more related to the R2 itself, but perhaps someone has advice on how to validate the file type in a secure environment?

Passing ContentType in PutObjectCommand doesn't work.

Currently, anyone from the client side can send a malware file with any header, and it will be correctly uploaded via presigned url.

At the moment, presigned URLs don't support POST methods, and R2 doesn't have Bucket Policies.

newyork58 avatar Mar 15 '24 00:03 newyork58

@relacja I believe the only way you can implement this is to add a logic in the code that will perform the required checks. If you want to do a simple file type check you could implement it somewhere before Uppy starts getting presigned url from r2.

anuveyatsu avatar Jul 29 '24 06:07 anuveyatsu