Additional Considerations for Browser-Based Uploads
This section discusses additional considerations for uploading objects with an HTTP POST request.
POST with Adobe Flash
This section describes how to use
POST with Adobe Flash.
Adobe Flash Player Security
By default, the Adobe Flash Player security model prohibits making network connections to servers outside the domain that serves the Adobe Flash (.swf) file.
To override the default, you must upload a publicly readable
crossdomain.xml file to the
bucket that will accept POST uploads. Here is a sample
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*" secure="false" /> </cross-domain-policy>
For more information about the Adobe Flash security model, go to the Adobe web site.
When you add the
crossdomain.xml file to your bucket, any Adobe Flash Player can
connect to the
crossdomain.xml file within your bucket. However,
does not grant access to the Amazon S3 bucket.
Other Adobe Flash Considerations
The FileReference class in the Adobe Flash API adds the
form field to the POST request. When you build an Adobe Flash application that
uploads files to Amazon S3 by using the
FileReference class, include the following
condition in your policy:
['starts-with', '$Filename', '']
Some versions of the Adobe Flash Player do not properly handle HTTP responses that have an
empty body. To configure POST to return a response that does not have an empty
success_action_status to 201. Then, Amazon S3 will
return an XML document with a 201 status code. For information about using this as an
optional element (currently the only allowed value is the content of the XML
document), see POST Object.
For information about form fields, see HTML Form Fields.