I have a blogging website that uses AWS S3 signed URLs to upload any pictures used in the blogs directly from the browser to an S3 bucket.
To maintain security, the request for generating the signed URL goes through the backend, which verifies the user's authentication and other things, and returns a URL with a few configs that must be used to upload the file to the S3 bucket from the client application. Here the server returns some metadata to be used in the config. To maintain consistency I used the user's email address as metadata, which will ensure that no random user can upload the file to S3 (security would be maintained without this too, but I added it as an extra layer of security).
The problem I recently found (maybe I missed some config) is that when a file uploaded by a particular user, [email protected], is fetched, the response headers include the field:
x-amz-meta-data: {"emailaddress":"[email protected]"}
Did I miss any configuration in the S3 bucket? Or will the metadata be fetched in all the responses?
If yes, how is it a signed URL as all the metadata will be shown in the browser? If no, what configuration am I missing?
If this was expected, how can I transfer all the files to a new bucket with the same policy and with modified metadata?
Any help would be appreciated.
Question from: https://stackoverflow.com/questions/65910313/aws-s3-signed-url-meta-returned-in-browser
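
Added example, not part of the original question: one way to do the bucket-to-bucket copy with rewritten metadata that the last question asks about, using boto3's `copy_object` with `MetadataDirective="REPLACE"`. It assumes the metadata layout seen in the response header above (user-metadata key `data` holding JSON with an `emailaddress` field); the function names, the `uploader` field and the keyed-HMAC pseudonym are hypothetical choices made for illustration.

```python
import hashlib
import hmac
import json


def scrub_metadata(metadata, secret):
    """Return a copy of S3 user metadata with the e-mail replaced by a keyed pseudonym.

    Assumed layout (from the question): key "data" -> JSON with "emailaddress".
    The "uploader" field name is a hypothetical choice for this example.
    """
    cleaned = dict(metadata)
    try:
        payload = json.loads(cleaned.get("data", ""))
    except (ValueError, TypeError):
        return cleaned  # not the expected JSON: leave the object's metadata as is
    if not isinstance(payload, dict) or "emailaddress" not in payload:
        return cleaned
    email = str(payload.pop("emailaddress")).strip().lower()
    # Keyed hash: the backend can still match uploads to a user, but anyone who
    # reads the x-amz-meta-data response header no longer sees the address.
    payload["uploader"] = hmac.new(secret, email.encode(), hashlib.sha256).hexdigest()
    cleaned["data"] = json.dumps(payload, separators=(",", ":"))
    return cleaned


def copy_with_scrubbed_metadata(s3, src_bucket, dst_bucket, secret):
    """Copy every object to dst_bucket with rewritten metadata; return the keys copied.

    `s3` is a boto3 S3 client, e.g. boto3.client("s3").
    """
    copied = []
    for page in s3.get_paginator("list_objects_v2").paginate(Bucket=src_bucket):
        for obj in page.get("Contents", []):
            key = obj["Key"]
            head = s3.head_object(Bucket=src_bucket, Key=key)
            s3.copy_object(
                Bucket=dst_bucket,
                Key=key,
                CopySource={"Bucket": src_bucket, "Key": key},
                Metadata=scrub_metadata(head.get("Metadata", {}), secret),
                # The default directive (COPY) would carry the old metadata over.
                MetadataDirective="REPLACE",
                # REPLACE also resets Content-Type, so send the original again.
                ContentType=head.get("ContentType", "binary/octet-stream"),
            )
            copied.append(key)
    return copied
```

`copy_object` handles objects up to 5 GB, which covers blog images. Other system headers set at upload time, such as Cache-Control, are likewise dropped by `REPLACE` unless they are passed again.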