This topic describes how a client obtains signature information that is based on a POST policy from an application server, which can be implemented in various programming languages, and then uploads data directly to Object Storage Service (OSS) by using form upload. In this method, the AccessKey pair used to generate the signature stays on the server and is not included in the code of the client. Therefore, this method is more secure than the method in which the signature is generated by a JavaScript client.

Process and code analysis

Time series chart
  1. You send a request to the application server to obtain the upload policy and callback configurations.

    In the upload.js file of the client source code package, set the value of the serverUrl variable in the following snippet to the URL of the application server.

    // serverUrl specifies the URL of the application server that returns signature information and upload policies. Replace the sample IP address and port number with actual values in your business scenario. 
    serverUrl = 'http://88.88.XX.XX:8888'

    The client sends GET requests to the application server that is specified by serverUrl to request the information.

    Upload callbacks are not involved in the scenario described in this topic. Therefore, you must comment out the 'callback' : callbackbody field in the upload.js file of the client source code to disable the upload callback feature.

    {
      'key' : key + '${filename}',
      'policy': policyBase64,
      'OSSAccessKeyId': accessid,
      // Set the status code returned by the server to 200. By default, the 204 status code is returned. 
      'success_action_status' : '200', 
      // Comment out the following field to disable the upload callback feature.
      'callback' : callbackbody,
      'signature': signature,
    }
  2. The application server returns the upload policy and signature to you.

    A service is deployed on the application server to respond to the GET request sent by the client and return the signature information that is required for object upload. You can modify the code so that the application server returns correct information to the client.

    The following sample code provides an example of the body content returned to the client by the application server:

    {
    "accessid":"LTAI5tBDFVar1hoq****",
    "host":"http://post-test.oss-cn-hangzhou.aliyuncs.com",
    "policy":"eyJleHBpcmF0aW9uIjoiMjAxNS0xMS0wNVQyMDoyMzoyM1oiLCJjxb25kaXRpb25zIjpbWyJjcb250ZW50LWxlbmd0aC1yYW5nZSIsMCwxMDQ4NTc2MDAwXSxbInN0YXJ0cy13aXRoIiwiJGtleSIsInVzZXItZGlyXC8i****",
    "signature":"VsxOcOudx******z93CLaXPz+4s=",
    "expire":1446727949,
    "dir":"user-dirs/"
    }
    The following table describes the fields that are contained in the body.

    Field       Description
    accessid    The AccessKey ID that is used to send the request.
    host        The domain name to which you want to send the upload request.
                Note: Custom domain names are not supported.
    policy      The policy for form upload. The policy is a Base64-encoded string. For more information, see PostObject.
    signature   The signature string of the policy. For more information, see PostObject.
    expire      The expiration time of the policy specified by the server, which is in the Unix timestamp format (the number of seconds that have elapsed since January 01, 1970 00:00:00 UTC).
    dir         The prefix that the names of the objects that you want to upload must contain.

  3. You call the PostObject operation to upload data to OSS.
    Note
    • Except for the file form field, the size of all other form fields including key cannot exceed 8 KB.
    • By default, an existing object that has the same name as the object that you want to upload is overwritten. If you do not want to overwrite an existing object that has the same name, include the x-oss-forbid-overwrite parameter in the upload request and set the x-oss-forbid-overwrite parameter to true. This way, if you upload an object whose name is the same as an existing object, the upload fails and OSS returns the FileAlreadyExists error.
    new_multipart_params = {
         // key specifies the full path of the object in the bucket. Example: exampledir/exampleobject.txt. Do not include the bucket name in the full path. 
         // filename specifies the name of the local file that you want to upload. 
         'key' : key + '${filename}',
         'policy': policyBase64,
         'OSSAccessKeyId': accessid,
         // Set the status code that is returned by the server to 200. If you do not configure this parameter, the 204 status code is returned. 
         'success_action_status' : '200',    
         'signature': signature,
     };
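
The three steps above can be sketched end to end in Node.js. This is an added example, not Alibaba Cloud sample code; it assumes the PostObject V1 signature (Base64 of HMAC-SHA1 over the Base64-encoded policy), and the function names and the credential values are hypothetical placeholders.

```javascript
const nodeCrypto = require('crypto');

// Step 2 (server): build the body returned to the client.
// The AccessKey secret is read only here and never leaves the server.
function buildUploadSignature({ accessKeyId, accessKeySecret, host, dir,
                                ttlSeconds, maxBytes, now = Date.now() }) {
  const expire = Math.floor(now / 1000) + ttlSeconds;
  const policy = {
    expiration: new Date(expire * 1000).toISOString(),
    conditions: [
      ['content-length-range', 0, maxBytes], // cap the upload size
      ['starts-with', '$key', dir],          // confine object names to dir
    ],
  };
  const policyBase64 = Buffer.from(JSON.stringify(policy)).toString('base64');
  // Assumption: signature = Base64(HMAC-SHA1(AccessKey secret, policyBase64)).
  const signature = nodeCrypto.createHmac('sha1', accessKeySecret)
    .update(policyBase64).digest('base64');
  return { accessid: accessKeyId, host, policy: policyBase64, signature, expire, dir };
}

// Step 3 (client): turn the server response into PostObject form fields.
// Rejects a response whose policy has already expired.
function buildFormFields(resp, filename, now = Date.now()) {
  if (resp.expire <= Math.floor(now / 1000)) {
    throw new Error('policy expired; request a new signature');
  }
  return {
    key: resp.dir + filename,            // must start with the signed prefix
    policy: resp.policy,
    OSSAccessKeyId: resp.accessid,
    success_action_status: '200',
    'x-oss-forbid-overwrite': 'true',    // fail instead of overwriting
    signature: resp.signature,
  };
}

// Constructed sample values; the host is the one shown in the sample body above.
const sampleResponse = buildUploadSignature({
  accessKeyId: 'EXAMPLE_ACCESS_KEY_ID',
  accessKeySecret: 'EXAMPLE_ACCESS_KEY_SECRET',
  host: 'http://post-test.oss-cn-hangzhou.aliyuncs.com',
  dir: 'user-dir/', ttlSeconds: 600, maxBytes: 1048576000,
  now: 1446727349000,
});
```

Keep ttlSeconds short and dir specific to the requesting user: anyone who obtains the response can upload under that prefix until the policy expires.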

Sample code

For more information about the sample code in various programming languages that is used to obtain signature information from the server, configure upload callbacks, and directly upload data to OSS, see the following topics:

References

In most cases, the application server needs to be informed of the information about uploaded objects, such as the names of the uploaded objects. If you upload an image, the application server needs to be informed of the image size. You can configure upload callbacks to meet these requirements. For more information, see Overview.