I am having a problem (with csrf) executing a direct upload to S3 using a POST.
Here is the code:
<form action="https://mymediaurl/" method="post" enctype="multipart/form-data">
<input type="hidden" name="key" value="uploads/${filename}">
<input type="hidden" name="AWSAccessKeyId" value="{{ access_key }}">
<input type="hidden" name="acl" value="private">
<input type="hidden" name="success_action_redirect" value="http://localhost/">
<input type="hidden" name="policy" value="{{ policy }}">
<input type="hidden" name="signature" value="{{ signature }}">
<input type="hidden" name="Content-Type" value="image/jpeg">
<!-- Include any additional input fields here -->
File to upload to S3:
<input name="file" type="file">
<br>
<input type="submit" value="Upload File to S3">
</form>
Here is the error:
<Code>AccessDenied</Code>
<Message>
Invalid according to Policy: Extra input fields: csrfmiddlewaretoken
</Message>
Source code that includes the csrf:
<form action="https://mymediaurl/" method="post" enctype="multipart/form-data">
<div style='display:none;'><input type='hidden' id='csrfmiddlewaretoken' name='csrfmiddlewaretoken' value='123412341234' /></div>
<div style='display:none;'><input type='hidden' id='csrfmiddlewaretoken' name='csrfmiddlewaretoken' value='123412341234' /></div>
<input type="hidden" name="key" value="uploads/${filename}">
<input type="hidden" name="AWSAccessKeyId" value="ASFDFDSF">
<input type="hidden" name="acl" value="private">
<input type="hidden" name="success_action_redirect" value="http://localhost/">
<input type="hidden" name="policy" value="asdhfkajewhlfawe">
<input type="hidden" name="signature" value="asdfasdfasdf">
<input type="hidden" name="Content-Type" value="image/jpeg">
<!-- Include any additional input fields here -->
File to upload to S3:
<input name="file" type="file">
<br>
<input type="submit" value="Upload File to S3">
</form>
I have tried adding csrfmiddlewaretoken to my policy document, but that does not work. Has anyone run into this problem and found a solution? I have searched high and low but cannot seem to find an answer to this specific problem.
Running Django 1.3.1 for this project, if that matters.
Answering my own question with help from Christopher’s comment.
Here is my policy document:
I just needed to add the csrfmiddlewaretoken to my policy with the correct format.
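One way to build and sign a POST policy that covers every field of the form above, including `csrfmiddlewaretoken`. This is an added example, not the policy document from the original answer. The bucket name, the secret key and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Form fields that need no policy condition (as do names prefixed "x-ignore-").
EXEMPT = {"AWSAccessKeyId", "signature", "policy", "file"}

def build_policy(bucket, expires_in=3600, now=None):
    """Policy matching the hidden inputs of the upload form in the question."""
    now = now or datetime.now(timezone.utc)
    expiration = now + timedelta(seconds=expires_in)
    return {
        "expiration": expiration.strftime("%Y-%m-%dT%H:%M:%S.000Z"),
        "conditions": [
            {"bucket": bucket},  # assumed bucket name, not given on the page
            ["starts-with", "$key", "uploads/"],
            {"acl": "private"},
            {"success_action_redirect": "http://localhost/"},
            {"Content-Type": "image/jpeg"},
            # The token value differs per user, so accept any value.
            ["starts-with", "$csrfmiddlewaretoken", ""],
        ],
    }

def sign_policy(policy, secret_key):
    """Return (policy, signature) values for the form's hidden inputs."""
    encoded = base64.b64encode(json.dumps(policy).encode("utf-8"))
    digest = hmac.new(secret_key.encode("utf-8"), encoded, hashlib.sha1).digest()
    return encoded.decode("ascii"), base64.b64encode(digest).decode("ascii")

def uncovered_fields(policy, form_fields):
    """Form fields S3 would reject as 'Extra input fields'."""
    covered = set()
    for cond in policy["conditions"]:
        if isinstance(cond, dict):
            covered.update(cond)
        elif cond[0] in ("eq", "starts-with"):
            covered.add(cond[1].lstrip("$"))
    return [f for f in form_fields
            if f not in EXEMPT
            and not f.startswith("x-ignore-")
            and f not in covered]

# Field names taken from the rendered form in the question.
FORM_FIELDS = ["csrfmiddlewaretoken", "key", "AWSAccessKeyId", "acl",
               "success_action_redirect", "policy", "signature",
               "Content-Type", "file"]
```

Any field in this form, the CSRF token included, is posted to S3 rather than to Django, so the other way to clear the error is to keep the token out of forms whose action is an external URL.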