r2-bucket-uploader icon indicating copy to clipboard operation
r2-bucket-uploader copied to clipboard

Published 20 hours ago verified publisher icon datopian

Allow only upload specific file type

Open relacja opened this issue 4 months ago • 0 comments

The issue is more related to the R2 itself, but perhaps someone has advice on how to validate the file type in a secure environment?

Passing ContentType in PutObjectCommand doesn't work.

Currently, anyone from the client side can send a malware file with any header, and it will be correctly uploaded via presigned url.

At the moment, presigned URLs don't support POST methods, and R2 doesn't have Bucket Policies.

relacja avatar Mar 15 '24 00:03 relacja