diff --git a/website/app-templates/smarty/js/geokrety/geokret_avatar_upload.tpl.js b/website/app-templates/smarty/js/geokrety/geokret_avatar_upload.tpl.js
index 2f29c93631..f8dceffd49 100644
--- a/website/app-templates/smarty/js/geokrety/geokret_avatar_upload.tpl.js
+++ b/website/app-templates/smarty/js/geokrety/geokret_avatar_upload.tpl.js
@@ -57,7 +57,8 @@ $("div#geokretAvatar").dropzone({
 },
 sending: function (file, xhr, formData) {
- for (let key in file.postData) {
+ let includes = ['key', 'X-Amz-Credential', 'X-Amz-Algorithm', 'X-Amz-Date', 'Policy', 'X-Amz-Signature'];
+ for (let key of includes) {
 if (file.postData.hasOwnProperty(key)) {
 formData.append(key, file.postData[key]);
 }
diff --git a/website/app-templates/smarty/js/moves/move_picture_upload.tpl.js b/website/app-templates/smarty/js/moves/move_picture_upload.tpl.js
index 0e3587f4f2..3b11358d0f 100644
--- a/website/app-templates/smarty/js/moves/move_picture_upload.tpl.js
+++ b/website/app-templates/smarty/js/moves/move_picture_upload.tpl.js
@@ -61,7 +61,8 @@ $('div.enable-dropzone').each(function() {
 },
 sending: function (file, xhr, formData) {
- for (let key in file.postData) {
+ let includes = ['key', 'X-Amz-Credential', 'X-Amz-Algorithm', 'X-Amz-Date', 'Policy', 'X-Amz-Signature'];
+ for (let key of includes) {
 if (file.postData.hasOwnProperty(key)) {
 formData.append(key, file.postData[key]);
 }
diff --git a/website/app-templates/smarty/js/users/user_avatar_upload.tpl.js b/website/app-templates/smarty/js/users/user_avatar_upload.tpl.js
index b953f2a57a..8c553d661f 100644
--- a/website/app-templates/smarty/js/users/user_avatar_upload.tpl.js
+++ b/website/app-templates/smarty/js/users/user_avatar_upload.tpl.js
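Review bot: The field allowlist added to `sending` is copied verbatim into all three upload templates (this hunk, move_picture_upload.tpl.js and user_avatar_upload.tpl.js), and it has to stay in step with the policy conditions built in AbstractPictureUpload.php. A field the server starts signing later that is not in the list — for example `X-Amz-Security-Token`, should the S3 client ever sign with temporary credentials — would be dropped silently, and an allowlisted field that is missing from `file.postData` is skipped without any error, so either case only surfaces as a rejected POST. I would define the list once in a shared script as a `const`, log or abort when an expected field is absent, and test membership with `Object.prototype.hasOwnProperty.call(file.postData, key)`, since `postData` appears to come from a parsed server response. The `sending` handler's body continues outside the hunk.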
@@ -57,7 +57,8 @@ $("div#userAvatar").dropzone({
 },
 sending: function (file, xhr, formData) {
- for (let key in file.postData) {
+ let includes = ['key', 'X-Amz-Credential', 'X-Amz-Algorithm', 'X-Amz-Date', 'Policy', 'X-Amz-Signature'];
+ for (let key of includes) {
 if (file.postData.hasOwnProperty(key)) {
 formData.append(key, file.postData[key]);
 }
diff --git a/website/app/GeoKrety/Controller/Pages/AbstractPictureUpload.php b/website/app/GeoKrety/Controller/Pages/AbstractPictureUpload.php
index a596fad070..381460939b 100644
--- a/website/app/GeoKrety/Controller/Pages/AbstractPictureUpload.php
+++ b/website/app/GeoKrety/Controller/Pages/AbstractPictureUpload.php
@@ -16,8 +16,6 @@ public function request_s3_file_signature(\Base $f3) {
 $s3 = S3Client::instance()->getS3Public();
 $formInputs = [
- 'acl' => 'private',
- 's3Key' => $this->getImgKey(),
 'key' => $this->getFullImgKey(),
 ];
@@ -25,7 +23,6 @@ public function request_s3_file_signature(\Base $f3) {
 // https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html
 // https://docs.aws.amazon.com/AmazonS3/latest/dev/HTTPPOSTForms.html#HTTPPOSTConstructPolicy
 $options = [
- ['acl' => 'private'],
 ['bucket' => GK_BUCKET_NAME_PICTURES_PROCESSOR_DOWNLOADER],
 ['eq', '$key', $this->getFullImgKey()],
 ['content-length-range', 1024, 1024 * 1024 * GK_SITE_PICTURE_UPLOAD_MAX_FILESIZE],
@@ -46,6 +43,7 @@ public function request_s3_file_signature(\Base $f3) {
 [
 'success' => true,
 'uploadUrl' => $formAttributes['action'],
+ 's3Key' => $this->getImgKey(),
 ],
 $formInputs
 );
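Review bot: With `'acl' => 'private'` removed from `$formInputs` in the `-16,8` hunk and `['acl' => 'private']` removed from `$options` in the `-25,7` hunk, nothing visible in the signed policy pins the object ACL any more, so uploaded objects take whatever the bucket default is. That is safe only if the bucket named by GK_BUCKET_NAME_PICTURES_PROCESSOR_DOWNLOADER is private by default and the storage backend rejects form fields the policy does not cover; both are assumptions from outside this diff and worth confirming. I would record the decision next to `$options`, e.g. `// acl intentionally omitted: bucket default applies and the client cannot choose one`. The function body continues outside both hunks.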
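Review bot: In the `-46,6` hunk, `'s3Key'` now sits beside `'success'` and `'uploadUrl'` in the flat array that `$formInputs` is combined with, so the response still mixes application metadata with the fields meant for the S3 POST; that mix is what forces the hard-coded allowlist in the three `.tpl.js` handlers. Returning the signed fields under their own key, e.g. `'fields' => $formInputs,`, would let the client append exactly what the server signed and remove that coupling. The call that receives these two arrays starts outside the hunk, so how they are merged is inferred rather than visible.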