Very weird occurrence of this error (see below). Points of note:
Web app in question has >500 daily users, all of them uploading objects into S3 daily
Two users, have this one error when they try and upload a file
The same users, if they try a different computer, do not get this error
Web app is using the EvaporateJS library - https://github.com/TTLabs/EvaporateJS
There seems to be no pattern with regards to file size (even a tiny <10kb file will cause it)
The authentication/authorisation component of the web app is handled by the web-app. I.e. - The IAM user associated with generating the S3 upload Url is shared for all web app users, so I have ruled out a permission issue for the IAM user ID in question
Error message:
<Error>
<Code>InvalidRequest</Code>
<Message>
Key is not expected for the GET method ?uploads subresource
</Message>
<RequestId>
*****
</RequestId>
<HostId>
*****
</HostId>
</Error>
From all the points above, the only variable here seems to be the computers. Am I right? Have I overlooked something? If it is the computers, any idea what would be the issue there? An overactive firewall/something else preventing the upload network requests?
Thanks in advance for any guidance in decipher this error message (what does it even mean?!)
Related
This is a follow up question to the one found here: CloudFront + S3 Website: "The specified key does not exist" when an implicit index document should be displayed
I am trying to host a React single page app (static website) through S3 and I want to allow https access only (using a custom SSL). I have everything configured with CloudFront and my website is showing up at the CloudFront URL just fine. But when I navigate around the app, I get the error shown in the link above.
According to that post, the error is fixed by switching from a REST to a website endpoint. But in the process, you have to make your S3 bucket public. My question: is there a way to fix this error without switching to a website endpoint and, in the process, making all my S3 content public? Is there some kind of workaround within the AWS ecosystem where I can combine private S3 contents with a process that returns the html doc without the XML formatted error? According to this reference (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteEndpoints.html#WebsiteRestEndpointDiff), this seems like it may not be possible, but I'm hoping someone can prove me wrong.
Thanks!
The error you're getting usually occurs when your application tries to access something which it isn't privileged to.
Since you mentioned the app loads normally but you get this error while you move around; So it can be the case that it occurs when a component tries to load a private resource which you haven't added in the policies you have defined.
My question: is there a way to fix this error without switching to a website endpoint and, in the process, making all my S3 content public?
Definitely! But you need to pin point the resources which is being accessed when you're getting the error! I would request you to provide more info regarding the same.
Lastly, if you switch to website endpoints, you won't to able to serve private S3 content. You'll have to make it all public. You can find more info about this here: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteEndpoints.html#WebsiteRestEndpointDiff
I am getting error on test and development server for uploading file with azure blob storage.IT is uploading locally without any problem.We are using Nuget for File handling. On debugging we are getting error on container.CreateIfNotExist()
Could anybody help me solving the error.
Thanks in advance!
Based on your description, I assumed that you are using the azure storage client library WindowsAzure.Storage for uploading files to your blob storage.
On debugging we are getting error on container.CreateIfNotExist()
If you construct the CloudStorageAccount with the AccountName and AccountKey, please make sure your AccountKey is correct, and you could login into azure portal and check with it. If you construct the CloudStorageAccount via the account-level SAS token, please make sure the SAS token is valid and it contains the related permissions. Moreover, you could re-generate your account key or new SAS token to narrow this issue. Also, you could leverage fiddler to capture the network traces when executing the operations to narrow this issue.
Additionally, you need to check your server time. As Authentication for the Azure Storage Services states as follows:
The storage services ensure that a request is no older than 15 minutes by the time it reaches the service. This guards against certain security attacks, including replay attacks. When this check fails, the server returns response code 403 (Forbidden).
Also, you could Enabling Storage Logging and Accessing Log Data to retrieve the detailed error message.
Problem was Microsoft.ApplicationInsights 2.4.0.
Solved by downgrading to 2.3.0.
It is really strange but below links really helped me out to solve the issue
Azure Storage Emulator 403 Forbidden
Azure CloudBlobContainer.CreateIfNotExists() throws Forbidden (403) on Local Development
Thanks!
I'm trying to setup the config.php with my values but I get this fatal error:
Fatal error: Uncaught exception 'Google_AuthException' with message 'Error fetching OAuth2 access token, message: 'invalid_grant'.
I entered the client ID, secret, simple API key, location and sqlite database as the documentation says here:
https://developers.google.com/glass/quickstart/php
Any idea of what I'm doing wrong?
Thanks in advance!
This happens when the URL where you're hosting your Glassware is not listed as a valid OAuth 2.0 redirect URI on the API console. Follow these steps to resolve it.
First, determine your OAuth 2.0 redirect URI. This is where traffic goes at the end of the OAuth dance. The correct value depends on where you're running the php quick start. If you're running it on a local web server, it's likely to be http://localhost/mirror-quickstart-php/oauth2callback.php. If you're running it on example.com, it might be https://example.com/oauth2callback.php.
Go to the API console. This link will lead you to the right panel (services), but double check that you're on the correct project.
Scrolling down you should see a section of the page that looks like this: . Click on 'Edit Settings...'.
This triggers a pop-up where you can enter your OAuth redirect URIs. Add your redirect URI to the top text area. Make sure to put each URI on its own line.
Reload the page for the PHP Quick Start and everything should work.
If you're still having an issue, please share the full error message on the page and the value you have for the base url in config.php.
If you're getting the invalid_grant error from Google : Instead of using the client ID from google developer console as your value for client ID in the code, try using the email address value from developer console. This is actually what they expect. So, to confirm - the value for Client ID should be the value from developer console ending #developer.gserviceaccount.com
Had similar problem in Windows PS dotnet environment when trying to connect to DialogFlow Google Cloud Project recently and it appeared to be intermittent fault but it turned out to be global $env:GOOGLE_APPLICATION_CREDENTIALS in windows PowerShell was pointing to a key file set when first setup access to GCloud days before and since regenereated keys in GCP Console
After generating new key file and setting it with new generated key file using $env:GOOGLE_APPLICATION_CREDENTIALS="[Path_To_JSON_Key_File]" the problem went away but fix only lasted as long as the window was open, then after a while ran $env:GOOGLE_APPLICATION_CREDENTIALS on a newly opened PS window and noticed it was still pointing to the old key file!
setting the system environment variable GOOGLE_APPLICATION_CREDENTIALS to the value of [Path_To_JSON_New_Key_File] fixed it, all newly opened PS windows had the correct key file and authenticated correctly using Service Account and .Net Google Cloud API calls worked after that
TransformationError
This error keeps coming up for a specific image.
There are no problems with other images and I'm wondering what the reason for this exception could be.
From Google:
"Error while attempting to transform the image."
Update:
Development server it works fine, only live it fails.
Thanks
Without more information I'd say it's either the image is corrupted, or it's in a format that cannot be used with get_serving_url (animate GIF for example).
I fought this error forever and incase anyone finds they get the dreaded TransformationError please note that you need to make sure that your app has owner permissions on the files you want to generate a url for
It'll look something like this in your IAM tab:
App Engine app default service account
your-project-name-here#appspot.gserviceaccount.com
In IAM on that member you want to scroll down to Storage and grant "Storage Object Admin" to that user. That is as long as you have your storage bucket under the same project... if not I'm not sure how...
This TransformationError exception seems to show up for permissions errors so it is a bit misleading.
I way getting this error because I had used the Bucket Policy Only permissions on a bucket in a different project.
However after changing this back to Object Level permissions and giving my App Engine app access (from a different project) I was able to perform the App Engine Standard Images operation (google.appengine.api.images.get_serving_url) that I was trying to implement.
Make sure that you set your permissions correctly either in the Console UI or via gsutil like so:
gsutil acl ch -u my-project-a#appspot.gserviceaccount.com:OWNER gs://my-project-b
I am getting the following error on the AppEngine DevServer in Go:
API error 1 (datastore_v3: BAD_REQUEST): ApplicationError: 1 app
"id1" cannot access app "id2"'s data
(where "id1" and "id2" are real identifiers used by two of my applications)
I have tried to empty the datastore using the --clear_datastore flag, and also specifying a new path to the datastore using --datastore_path. The latter did not seem to work, no data was stored at the new location. The former flag deleted the contents of the datastore, but whenever I try to upload a blob I get the error.
I am hoping there is something I can do to remedy this!
--EDIT: To clarify, I am not trying to move data across apps, I am merely trying to upload to the active app's blobstore. I am developing several apps at the same time (different companies), so the machine will have several datastores/blobstores. In Java this is not a problem, only in Go.
Also, this is only a problem on the DevServer, once I upload the app, everything works as it should.
Ex animo,
/Alexander.
GAE Apps cannot direcly access each other's data. This is a fundamental restriction. DevAppServer is merely preventing you from doing something during development that would be forbidden to a deployed app.
You can move data between apps via url fetching.