I have a site which allows users to define their subdomains xxx.mysite.com I allow

Question

0

Editorial Team

Asked: June 10, 20262026-06-10T21:41:19+00:00 2026-06-10T21:41:19+00:00

I have a site which allows users to define their subdomains xxx.mysite.com I allow

0

I have a site which allows users to define their subdomains
xxx.mysite.com

I allow the users to upload their own avatars and logos – ideally, it should upload directly to s3.

1

I am able to generate the policy http://s3.amazonaws.com/doc/s3-example-code/post/post_sample.html here.

However, I do not know what to give
[“starts-with”, “$success_action_redirect”, “http://xxx.mysite.com/”%5D

I can leave it out but I am not very comfortable allowing anyone to just upload easily. How can I add more restrictions?

I currently restrict the content-type to images

2 https and http

I know that I can force ssl on the entire site and use https://xxx.mysite.com for success_action_redirect.

Is there a regex I can use?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-10T21:41:21+00:00

Editorial Team

2026-06-10T21:41:21+00:00Added an answer on June 10, 2026 at 9:41 pm

I’m answering my own question.

It is not possible to do a wildcard search. We can do only starts-with.

I just restricted it to https for now. The other way to do it is to have a common code for upload across subdomains and use a parent.xx browser functions. Since it is in the same domain, browser will not complain and the s3 policy will go through.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a site which allows users to define their subdomains xxx.mysite.com I allow

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply