Menu
Amazon Simple Storage Service
API Reference (API Version 2006-03-01)

Additional Considerations for Browser-Based Uploads

This section discusses additional considerations for uploading objects with an HTTP POST request.

POST with Adobe Flash

This section describes how to use POST with Adobe Flash.

Adobe Flash Player Security

By default, the Adobe Flash Player security model prohibits making network connections to servers outside the domain that serves the Adobe Flash (.swf) file.

To override the default, you must upload a publicly readable crossdomain.xml file to the bucket that will accept POST uploads. Here is a sample crossdomain.xml file:

Copy
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*" secure="false" /> </cross-domain-policy>

For more information about the Adobe Flash security model, go to the Adobe web site.

When you add the crossdomain.xml file to your bucket, any Adobe Flash Player can connect to the crossdomain.xml file within your bucket. However, crossdomain.xml does not grant access to the Amazon S3 bucket.

Other Adobe Flash Considerations

The FileReference class in the Adobe Flash API adds the Filename form field to the POST request. When you build an Adobe Flash application that uploads files to Amazon S3 by using the FileReference class, include the following condition in your policy:

Copy
['starts-with', '$Filename', '']

Some versions of the Adobe Flash Player do not properly handle HTTP responses that have an empty body. To configure POST to return a response that does not have an empty body, set success_action_status to 201. Then, Amazon S3 will return an XML document with a 201 status code. For information about using this as an optional element (currently the only allowed value is the content of the XML document), see POST Object. For information about form fields, see HTML Form Fields.

On this page: