How to upload a file with content-type multipart/form-data ---boundaryString using a signed URL of Google Storage?
The problem I am facing is that when we use a browser to upload a file, the browser sets the content type to multipart/form-data ---boundaryString, where boundaryString is a dynamic part of the Content-Type header value.
Now, since the Google signing method requires the content type to be part of the signature, generating a signed URL became impossible.
For uploading using a form on the web, GCS provides an alternative to a regular signed URL called a "policy document." A policy document is a signed upload policy filled with a description of what sorts of uploads are and are not okay, and it is included as one of the parameters of your form post.
See https://cloud.google.com/storage/docs/xml-api/post-object#policydocument for details.
So, for example, an HTML form that allowed uploads would look like this:
<form action="http://travel-maps.storage.googleapis.com"
method="post"
enctype="multipart/form-data">
<input type="text" name="key" value="">
<input type="hidden" name="bucket" value="travel-maps">
<input type="hidden" name="Content-Type" value="image/jpeg">
<input type="hidden" name="GoogleAccessId" value="1234567890123#developer.gserviceaccount.com">
<input type="hidden" name="acl" value="bucket-owner-read">
<input type="hidden" name="success_action_redirect" value="http://www.example.com/success_notification.html">
<input type="hidden" name="policy" value="eyJleHBpcmF0aW9uIjogIjIwMTAtMDYtMTZUMTE6MTE6MTFaIiwNCiAiY29uZGl0aW9ucyI6IFsNCiAgWyJzdGFydHMtd2l0aCIsICJrZXkiLCAiIiBdLA0KICB7ImFjbCI6ICJidWNrZXQtb3duZXItcmVhZCIgfSwNCiAgeyJidWNrZXQiOiAidHJhdmVsLW1hcHMifSwNCiAgeyJzdWNjZXNzX2FjdGlvbl9yZWRpcmVjdCI6ICJodHRwOi8vd3d3LmV4YW1wbGUuY29tL3N1Y2Nlc3Nfbm90aWZpY2F0aW9uLmh0bWwiIH0sDQogIFsiZXEiLCAiQ29udGVudC1UeXBlIiwgImltYWdlL2pwZWciIF0sDQogIFsiY29udGVudC1sZW5ndGgtcmFuZ2UiLCAwLCAxMDAwMDAwXQ0KICBdDQp9">
<input type="hidden" name="signature" value="BSAMPLEaASAMPLE6SAMPLE+SAMPPLEqSAMPLEPSAMPLE+SAMPLEgSAMPLEzCPlgWREeF7oPGowkeKk7J4WApzkzxERdOQmAdrvshKSzUHg8Jqp1lw9tbiJfE2ExdOOIoJVmGLoDeAGnfzCd4fTsWcLbal9sFpqXsQI8IQi1493mw=">
<input name="file" type="file">
<input type="submit" value="Upload">
</form>
The "policy" field contains a description of what the user can upload. It's a JSON document that's been base64-encoded. Unencoded, it looks like this:
{"expiration": "2010-06-16T11:11:11Z",
"conditions": [
["starts-with", "$key", "" ],
{"acl": "bucket-owner-read" },
{"bucket": "travel-maps"},
{"success_action_redirect": "http://www.example.com/success_notification.html" },
["eq", "$Content-Type", "image/jpeg" ],
["content-length-range", 0, 1000000]
]
}
The "signature" field works like a signed URL would, except that you're signing the policy, not the request. It's the base64 encoding of the rsa/sha-256 of the policy document.
Related
In an Aura Lightning component, I need to implement a POST with a FORM, and the target endpoint is HTTP and not HTTPS.
Here is the code:
on submitForm:
cmp.find("formFirma").getElement().submit();
The problem is that when I click on the button, the browser always opens the new tab in HTTPS and doesn't find the external resource.
Even if POST should always be in HTTPS, is there a way to do this in HTTP?
If I do a "GET" with:
'''
var urlEvent = $A.get("e.force:navigateToURL");
urlEvent.setParams({
"url": "http://endpoint"
});
urlEvent.fire();
'''
it works over HTTP.
Thanks
<div onclick="{!c.submitForm}">
<form name="formFirma1" target="_blank" forceSSL="false" aura:id="formFirma" action="http://endpoint" method="POST">
<input type="hidden" name="idVerbale" value="191" />
<input type="hidden" name="CUAA" value="12345AB" />
<input type="hidden" name="TipoUtente" value="Agronomo" />
<lightning:button label="Firma" />
</form></div>
Here is the markup
Recently (starting March 2017), the _cart form integration with PayPal payments standard has started encoding spaces in all item info (names and options) to the plus sign (+). I verified this was happening in Chrome and added the enctype attribute to the form, which seemed to solve the issue for me. In Chrome and Firefox, I can send data to PayPal and spaces are preserved properly. Perhaps this is a fluke?
However, almost every customer that purchases is getting their info encoded improperly, which results in the IPN request not being able to verify the products they purchased.
The form:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="upload" value="1">
<input type="hidden" name="business" value="name#example.com">
<input type="hidden" name="charset" value="utf-8">
<input type="hidden" name="item_name_1" value="Product With Spaces">
<input type="hidden" name="quantity_1" value="1">
<input type="hidden" name="amount_1" value="30.00">
<input type="hidden" name="on0_1" value="Name">
<input type="hidden" name="os0_1" value="First Last">
<input type="hidden" name="on1_1" value="Email">
<input type="hidden" name="os1_1" value="customer#example.com">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_xpressCheckout.gif" align="left" style="margin-right:7px; margin-top: 2px;">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
When submitted to PayPal, the product is shown as Product+With+Spaces and the name as First+Last. Thus the transaction record on PayPal and the IPN request have the incorrectly encoded data also.
I tried encoding the spaces as %20 or + (which would normally result in double-encoding, so I didn't expect it to help), but those literal characters were shown on PayPal.
I've read over the PayPal developer docs, and I seem to be using the most up-to-date fields and URLs. Also, this code has been running successfully for years without trouble.
Solved! Added the enctype="multipart/form-data" attribute to the PayPal button form; return variables to IPN come back in the same state as submitted.
I'm trying to do PayPal Transparent Redirect (we are currently using Payflow Pro successfully, but would like to offload PCI stuff)...
I've seen the posting at: Stack Overflow Transparent Redirect issue and I am redirecting to the payflow-link. However, the browser then receives a 200 response and does not redirect back to my success, error or cancel page.
More detail:
I'm redirecting to () with the following form data (tokens and keys changed for security reasons):
<form name="PayPalForm">
<input name="SECURETOKEN" type="hidden" value="changed" />
<input name="SECURETOKENID" type="hidden" value="changed" />
<input name="CARDNUM" type="hidden" value="4111111111111111" />
<input name="EXPMONTH" type="hidden" value="07" />
<input name="EXPYEAR" type="hidden" value="16" />
<input name="CVV2" type="hidden" value="123" />
</form>
My setup sends (to https://pilot-payflowpro.paypal.com):
TRXTYPE=S&TENDER=C&COMMENT1=Order ID: 80392&AMT=36.00&NAME=User Name&STREET=1234 E. 17th Street&CITY=Tucson&STATE=Arizona&ZIP=85711&COUNTRY=United States&RETURNURL=https://stage.mysite.com/index.aspx?sec=com&sub=buy&CANCELURL=https://stage.mysite.com/index.aspx?sec=com&sub=purchase&ERRORURL=https://stage.mysite.com/index.aspx?sec=com&sub=purchase&SILENTTRAN=TRUE&CREATESECURETOKEN=Y&SECURETOKENID=changed
Hmmm, could be the ampersands in the RETURNURL, etc. parameters... I'll try URL-encoding them?
I generated a signed URL using the PUT verb and I want to know: can you POST data to a PUT signed URL to upload objects to Google Cloud buckets?
No. If you sign a URL specifying a "PUT" verb, you must make a PUT request.
There is a way to upload objects using signatures and a POST verb, but it's not with signed URLs. It's with signed policy requests, which are a similar but more complex concept: https://cloud.google.com/storage/docs/xml-api/post-object#usage_and_examples
With policy documents, you specify several rules about a POST upload, base64 the policy, and then create a signature for that policy. The POST request must include both the policy and its signature. It's designed for use with web forms, like so:
<form action="http://travel-maps.storage.googleapis.com" method="post" enctype="multipart/form-data">
<input type="text" name="key" value="">
<input type="hidden" name="bucket" value="travel-maps">
<input type="hidden" name="Content-Type" value="image/jpeg">
<input type="hidden" name="GoogleAccessId" value="1234567890123#developer.gserviceaccount.com">
<input type="hidden" name="acl" value="bucket-owner-read">
<input type="hidden" name="success_action_redirect" value="http://www.example.com/success_notification.html">
<input type="hidden" name="policy" value="eyJleHBpcmF0aW9uIjogIjIwMTAtMDYtMTZUMTE6MTE6MTFaIiwNCiAiY29uZGl0aW9ucyI6IFsNCiAgWyJzdGFydHMtd2l0aCIsICJrZXkiLCAiIiBdLA0KICB7ImFjbCI6ICJidWNrZXQtb3duZXItcmVhZCIgfSwNCiAgeyJidWNrZXQiOiAidHJhdmVsLW1hcHMifSwNCiAgeyJzdWNjZXNzX2FjdGlvbl9yZWRpcmVjdCI6ICJodHRwOi8vd3d3LmV4YW1wbGUuY29tL3N1Y2Nlc3Nfbm90aWZpY2F0aW9uLmh0bWwiIH0sDQogIFsiZXEiLCAiQ29udGVudC1UeXBlIiwgImltYWdlL2pwZWciIF0sDQogIFsiY29udGVudC1sZW5ndGgtcmFuZ2UiLCAwLCAxMDAwMDAwXQ0KICBdDQp9">
<input type="hidden" name="signature" value="BSAMPLEaASAMPLE6SAMPLE+SAMPPLEqSAMPLEPSAMPLE+SAMPLEgSAMPLEzCPlgWREeF7oPGowkeKk7J4WApzkzxERdOQmAdrvshKSzUHg8Jqp1lw9tbiJfE2ExdOOIoJVmGLoDeAGnfzCd4fTsWcLbal9sFpqXsQI8IQi1493mw=">
<input name="file" type="file">
<input type="submit" value="Upload">
</form>
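The policy-and-signature scheme described in both Google Cloud Storage answers above, as an added example (not code from the original posts or from Google): it base64-encodes the page's policy, signs that base64 string with RSA/SHA-256, and runs a simplified local model of the condition checks. The key pair is a constructed throwaway, and `signPolicy`, `verifyPolicy` and `checkUpload` are hypothetical helper names.

```javascript
const crypto = require('node:crypto');

// Constructed throwaway key pair; in practice the service account's private key signs.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// The policy document shown on this page.
const PAGE_POLICY = {
  expiration: '2010-06-16T11:11:11Z',
  conditions: [
    ['starts-with', '$key', ''],
    { acl: 'bucket-owner-read' },
    { bucket: 'travel-maps' },
    { success_action_redirect: 'http://www.example.com/success_notification.html' },
    ['eq', '$Content-Type', 'image/jpeg'],
    ['content-length-range', 0, 1000000],
  ],
};

// Server side: base64 the JSON, then RSA/SHA-256 sign that base64 string (hypothetical helper).
function signPolicy(policyObj, key) {
  const policy = Buffer.from(JSON.stringify(policyObj), 'utf8').toString('base64');
  const signature = crypto.createSign('RSA-SHA256').update(policy).sign(key, 'base64');
  return { policy, signature };
}

// Any change to the policy field invalidates the signature.
function verifyPolicy(policy, signature, pubKey) {
  return crypto.createVerify('RSA-SHA256').update(policy).verify(pubKey, signature, 'base64');
}

// Simplified local model of the condition checks (assumption, not Google's implementation).
function checkUpload(policyB64, fields, fileSize, now) {
  const doc = JSON.parse(Buffer.from(policyB64, 'base64').toString('utf8'));
  if (now >= new Date(doc.expiration)) return 'expired';
  for (const c of doc.conditions) {
    if (!Array.isArray(c)) { // {"field": "value"} is an exact match
      const [name, want] = Object.entries(c)[0];
      if (fields[name] !== want) return `mismatch:${name}`;
    } else if (c[0] === 'content-length-range') {
      if (fileSize < c[1] || fileSize > c[2]) return 'size';
    } else { // ["eq" | "starts-with", "$field", value]
      const name = c[1].slice(1);
      const got = fields[name] ?? '';
      const ok = c[0] === 'eq' ? got === c[2] : c[0] === 'starts-with' && got.startsWith(c[2]);
      if (!ok) return `mismatch:${name}`;
    }
  }
  return 'ok';
}
```

The empty `starts-with` prefix on `$key` in this policy accepts any object name; a non-empty prefix confines uploads to one part of the bucket.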
I'm trying to set up a PayPal solution but I'm having some trouble with the RETURNURL.
My form looks like this:
<form method="post" action="https://api-3t.paypal.com/nvp">
<input type="hidden" name="USER" value="<%=PayPal_API_Username%>">
<input type="hidden" name="PWD" value="<%=PayPal_API_Password%>">
<input type="hidden" name="SIGNATURE" value="<%=PayPal_API_Signature%>">
<input type="hidden" name="VERSION" value="65.0">
<input type="hidden" name="PAYMENTREQUEST_0_PAYMENTACTION" value="Sale">
<input type="hidden" name="PAYMENTREQUEST_0_CURRENCYCODE" value="DKK">
<input type="text" name="PAYMENTREQUEST_0_AMT" value="<%=Amount%>.00">
<input type="hidden" name="CUSTOM" value="<%=GUID%>">
<input type="hidden" name="RETURNURL" value="http://<%=c_mainDomain%>/return.html">
<input type="hidden" name="CANCELURL" value="http://<%=c_mainDomain%>/cancel.html">
<input type="hidden" name="METHOD" value="SetExpressCheckout">
<input type="submit" name="submit" value="Videre til betaling med Paypal">
</form>
When I submit the form it goes to "https://api-3t.paypal.com/nvp" and shows the message below.
TOKEN=EC%2d2XR31554RN094031R&TIMESTAMP=2012%2d01%2d03T10%3a23%3a11Z&CORRELATIONID=a0c80a35bfde2&ACK=Success&VERSION=65%2e0&BUILD=2271164
Shouldn't it send me back to my own page, to the "RETURNURL"? Or is there something I'm missing?
Yeah, I'm pretty sure that my comment was right.
This POST should be done by your web app server - transient to the client.
Just before the user clicks the 'pay' button (when you render the site) on your web app, you call setExpressCheckout, then you read the token from the answer and apply it to the button.
Then, after the user clicks, he is redirected to the PayPal site and returns to your page via the returnURL.
Please make sure you exactly understand the whole process. Giving too much information to your users may be a potential vulnerability to your payments module.
EDIT: I guess that the form you've created is from PayPal's tutorial. Please notice that it is for testing and understanding the whole process only.