I generated a signed Url using the PUT verb and I want to know can you POST data to a PUT signed url to upload objects to Google Cloud buckets?
No. If you sign a URL specifying a "PUT" verb, you must make a PUT request.
There is a way to upload objects using signatures and a POST verb, but it's not with signed URLs. It's with signed policy requests, which are a similar but more complex concept: https://cloud.google.com/storage/docs/xml-api/post-object#usage_and_examples
With policy documents, you specify several rules about a POST upload, base64 the policy, and then create a signature for that policy. The POST request must include both the policy and its signature. It's designed for use with web forms, like so:
<form action="http://travel-maps.storage.googleapis.com" method="post" enctype="multipart/form-data">
<input type="text" name="key" value="">
<input type="hidden" name="bucket" value="travel-maps">
<input type="hidden" name="Content-Type" value="image/jpeg">
<input type="hidden" name="GoogleAccessId" value="1234567890123#developer.gserviceaccount.com">
<input type="hidden" name="acl" value="bucket-owner-read">
<input type="hidden" name="success_action_redirect" value="http://www.example.com/success_notification.html">
<input type="hidden" name="policy" value="eyJleHBpcmF0aW9uIjogIjIwMTAtMDYtMTZUMTE6MTE6MTFaIiwNCiAiY29uZGl0aW9ucyI6IFsNCiAgWyJzdGFydHMtd2l0aCIsICJrZXkiLCAiIiBdLA0KICB7ImFjbCI6ICJidWNrZXQtb3duZXItcmVhZCIgfSwNCiAgeyJidWNrZXQiOiAidHJhdmVsLW1hcHMifSwNCiAgeyJzdWNjZXNzX2FjdGlvbl9yZWRpcmVjdCI6ICJodHRwOi8vd3d3LmV4YW1wbGUuY29tL3N1Y2Nlc3Nfbm90aWZpY2F0aW9uLmh0bWwiIH0sDQogIFsiZXEiLCAiQ29udGVudC1UeXBlIiwgImltYWdlL2pwZWciIF0sDQogIFsiY29udGVudC1sZW5ndGgtcmFuZ2UiLCAwLCAxMDAwMDAwXQ0KICBdDQp9">
<input type="hidden" name="signature" value="BSAMPLEaASAMPLE6SAMPLE+SAMPPLEqSAMPLEPSAMPLE+SAMPLEgSAMPLEzCPlgWREeF7oPGowkeKk7J4WApzkzxERdOQmAdrvshKSzUHg8Jqp1lw9tbiJfE2ExdOOIoJVmGLoDeAGnfzCd4fTsWcLbal9sFpqXsQI8IQi1493mw=">
<input name="file" type="file">
<input type="submit" value="Upload">
</form>
Related
How to upload file with content-type mutlipart/formdata ---boundaryString
using signed url of google storage ?
The problem i am facing is when we use browser to upload a file the browser puts the content type of mutlipart/formdata ---boundaryString where boundaryString is a dynamic part of the content-type header value.
Now since the google signing method require content-type to be a part of signature. Generating a signed url became impossible.
For uploading using a form on the web, GCS provides an alternative to a regular signed URL called a "policy document." A policy document is a signed upload policy filled with a description of what sorts of uploads are and are not okay and are included as one of the parameters of your form post.
See https://cloud.google.com/storage/docs/xml-api/post-object#policydocument for details.
So, for example, an HTML form that allowed uploads would look like this:
<form action="http://travel-maps.storage.googleapis.com"
method="post"
enctype="multipart/form-data">
<input type="text" name="key" value="">
<input type="hidden" name="bucket" value="travel-maps">
<input type="hidden" name="Content-Type" value="image/jpeg">
<input type="hidden" name="GoogleAccessId" value="1234567890123#developer.gserviceaccount.com">
<input type="hidden" name="acl" value="bucket-owner-read">
<input type="hidden" name="success_action_redirect" value="http://www.example.com/success_notification.html">
<input type="hidden" name="policy" value="eyJleHBpcmF0aW9uIjogIjIwMTAtMDYtMTZUMTE6MTE6MTFaIiwNCiAiY29uZGl0aW9ucyI6IFsNCiAgWyJzdGFydHMtd2l0aCIsICJrZXkiLCAiIiBdLA0KICB7ImFjbCI6ICJidWNrZXQtb3duZXItcmVhZCIgfSwNCiAgeyJidWNrZXQiOiAidHJhdmVsLW1hcHMifSwNCiAgeyJzdWNjZXNzX2FjdGlvbl9yZWRpcmVjdCI6ICJodHRwOi8vd3d3LmV4YW1wbGUuY29tL3N1Y2Nlc3Nfbm90aWZpY2F0aW9uLmh0bWwiIH0sDQogIFsiZXEiLCAiQ29udGVudC1UeXBlIiwgImltYWdlL2pwZWciIF0sDQogIFsiY29udGVudC1sZW5ndGgtcmFuZ2UiLCAwLCAxMDAwMDAwXQ0KICBdDQp9">
<input type="hidden" name="signature" value="BSAMPLEaASAMPLE6SAMPLE+SAMPPLEqSAMPLEPSAMPLE+SAMPLEgSAMPLEzCPlgWREeF7oPGowkeKk7J4WApzkzxERdOQmAdrvshKSzUHg8Jqp1lw9tbiJfE2ExdOOIoJVmGLoDeAGnfzCd4fTsWcLbal9sFpqXsQI8IQi1493mw=">
<input name="file" type="file">
<input type="submit" value="Upload">
</form>
The "policy" field contains a description of what the user can upload. It's a JSON document that's been base 64 encoded. Unencoded, it looks like this:
{"expiration": "2010-06-16T11:11:11Z",
"conditions": [
["starts-with", "$key", "" ],
{"acl": "bucket-owner-read" },
{"bucket": "travel-maps"},
{"success_action_redirect": "http://www.example.com/success_notification.html" },
["eq", "$Content-Type", "image/jpeg" ],
["content-length-range", 0, 1000000]
]
}
The "signature" field works like a signed URL would, except that you're signing the policy, not the request. It's the base64 encoding of the rsa/sha-256 of the policy document.
I am using the Paypal form , the easiest way it seems for me to return data back to the response page is by building a giant custom variable and splitting it up again on return. However the data seems to get half lost on return. I cant seem to find a consistency with it.
The custom variable is built using jQuery but Ill omit that code as I have tested it and its correctly filling up the entire variable.
<form id="paypal-submit" action="https://sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="adrianbusiness#mysite.com ">
<input type="hidden" name="item_name"
value="Memorex 256MB Memory Stick">
<input type="hidden" name="item_number" value="MEM32507725">
<input type="hidden" name="amount" value="3">
<input type="hidden" name="tax" value="1">
<input type="hidden" name="rm" value="2">
<input type="hidden" name="quantity" value="1">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="EUR">
<input id="custom-info" type="hidden" name="custom" value="adrian$%&quals$%&31 carab$%&8239 j $%&do no include address$%&adrian#gmal$%&061what$%&www.hjell=d$%&does not agree to texts$%&does not agree to contact listed in directory$%&does not agree to emails$%&does not agree to contact sharing for other organisations$%&does not wish to be publicly listed$%&ffndlk$%&do not include me in the directory of education$%&fd$%&do not include me in the speakers directory$%&fed">
<input name="notify_url" value="http://example.com/paypal-info" type="hidden">
<?php /* <input type="hidden" name="zip" value="">
<input type="hidden" name="country" value="US"> */ ?>
<input type="hidden" name="return" value="http://example.com/payment-success"/>
<input type="image" name="submit" border="0"
src="https://www.paypalobjects.com/en_US/i/btn/btn_buynow_LG.gif"
alt="PayPal - The safer, easier way to pay online">
</form>
In my response page...
print_r($_POST['custom']);
might only output
adrian$%&quals$%&31 carab$%&8239 j $%&do no include address$%&adrian#gmal$%&061what$%&www.hjell=d$%&does not agree to texts$%&does not agree to contact listed in directory$%&does not agree to emails$%&does not agree to contact sharing for other organ
and just stop at that even there is more text in the string.
Might Paypal have a character limit or something?
The CUSTOM parameter has a limitation of 256 characters. You've got more than that in your value so it would get chopped off accordingly.
What I like to do is save all of that sort of data in a local database record prior to sending the person over to PayPal. That way you can include this record ID in the CUSTOM parameter, and then pull that data back out of your database using that ID.
If what you're saving is considered an order/invoice record, then you could actually use the INVOICE parameter with PayPal instead of CUSTOM, and that way it would show your local Invoice ID in the PayPal transaction details in the actual Invoice Number field instead of the Custom field. Either way would work fine, though.
I have a form that adds items to a cart. But I want to give them an option to ship the item to a store.
My form looks like this...
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart" />
<input type="hidden" name="upload" value="1" />
<input type="hidden" name="business" value="XXXXXXXXXXXXXX" />
<input type="hidden" name="currency_code" value="USD" />
<input type="hidden" name="amount_1" value="19.99" />
<input type="hidden" name="item_name_1" value="MyCoolTshirt" />
<input type="hidden" name="quantity_1" value="2" />
<input type="image" src="Checkout-Button.jpg" name="submit" alt="cart add" />
</form>
Can I add a code in there that will deliver the comment to me, indicating "Ship to store" so customer can pickup instead of shipping it to them?
You can take a look at the standard variables list to see what all is available for you to use. There are a few different things you could do.
You could save everything into your local database first, complete with all notes or anything you'd want to reference. Then you can pass that "invoice ID" into the invoice parameter of your form, and you would always be able to relate back and pull that data from your own system.
You could also just use the "custom" parameter to pass anything you want up to 255 characters.
I'd browse through that list, though, as there could be lots of different things you decide you'd like to use.
I have just began working on a project processing paypal payment on a web site, which does not work fine in the sense that the email notification is sent if and only if the user goes back to the site. The fact is that I didn't code it and I even don't know what kind of api it uses. I read the doc which is quite obscure to me (It understood there is a token needs to be sent from the site by get request method but I am really not sure). I understand from the code that, in the following, the op=dodons uri is used to mange the response of paypal and to send an email notification to the user. Here is the only thing I can tell you about the page from which I want to fetch up how the payment is processed :
<form action="{$payPalURL}" method="post" class="payPalForm" id="frmpp">
<input type="hidden" name="cmd" value="_donations" id="typedon"/>
<input type="hidden" name="item_name" value="Donation" />
<input type="hidden" name="business" value="{$myPayPalEmail}" />
<input type="hidden" name="notify_url" value="{$url}/index.php?op=dodons&donation=1&tid={$randomID}&payment=1" />
<input type="hidden" name="return" value="{$url}index.php?page=campaign&op=dodons&campaign_id={$campaign->getId()}&don=ok" />
<input type="hidden" name="rm" value="2" />
<input type="hidden" name="no_note" value="1" />
<input type="hidden" name="cbt" value="Continue" />
<input type="hidden" name="no_shipping" value="1" />
<input type="hidden" name="lc" value="US" />
<input type="hidden" name="currency_code" value="EUR" />
<input type="hidden" name="txn_id" value="{$randomID}" />
<input type="hidden" name="tid" value="{$randomID}" />
{if $logged_user != null}
<input type="hidden" name="a_id" value="{$logged_user->getId()}" />
</form>
It looks like you're using Payments Standard in combination with Payment Data Transfer (PDT).
PDT only works if the user makes it back to the site which is never guaranteed, even with Auto-Return enabled.
Instead, use Instant Payment Notification (IPN). This is a simple POST of all transaction data to a listener script on your server, and this happens regardless of whether or not the user makes it back to your site or not. It's completely separate from the checkout flow.
I'm trying to set up a paypal solution but i'm having some trouble with the RETURNURL.
My form looks like this.
<form method="post" action="https://api-3t.paypal.com/nvp">
<input type="hidden" name="USER" value="<%=PayPal_API_Username%>">
<input type="hidden" name="PWD" value="<%=PayPal_API_Password%>">
<input type="hidden" name="SIGNATURE" value="<%=PayPal_API_Signature%>">
<input type="hidden" name="VERSION" value="65.0">
<input type="hidden" name="PAYMENTREQUEST_0_PAYMENTACTION" value="Sale">
<input type="hidden" name="PAYMENTREQUEST_0_CURRENCYCODE" value="DKK">
<input type="text" name="PAYMENTREQUEST_0_AMT" value="<%=Amount%>.00">
<input type="hidden" name="CUSTOM" value="<%=GUID%>">
<input type="hidden" name="RETURNURL" value="http://<%=c_mainDomain%>/return.html">
<input type="hidden" name="CANCELURL" value="http://<%=c_mainDomain%>/cancel.html">
<input type="hidden" name="METHOD" value="SetExpressCheckout">
<input type="submit" name="submit" value="Videre til betaling med Paypal">
</form>
When i submit the form it goes to "https://api-3t.paypal.com/nvp" and shows the message below.
TOKEN=EC%2d2XR31554RN094031R&TIMESTAMP=2012%2d01%2d03T10%3a23%3a11Z&CORRELATIONID=a0c80a35bfde2&ACK=Success&VERSION=65%2e0&BUILD=2271164
Shouldn't it send me back to my own page, to the "RETURNURL"? or is there something i'm missing
Yeah, I'm pretty sure, that my comment was right.
This POST should be done by your web app server - transient to the client.
Just before the user clicks the 'pay' button (when you render the site) on your web app - you call the setExpressCheckout, then you read the token from the answer and apply it to the button.
Then after the user clicks he is redirected to paypal site and returns to your page by returnURL.
Please make sure you exactly understand the whole process. Giving too much information to your users may be a potential vulnerability to your payments module.
EDIT: I guess that the form you've created is from PayPal's tutorial. Please notice that it is for testing and understanding the whole process only.