S3 Direct Upload in your Rails application

Using the S3 direct upload in Rails is a nice way to give the user an indication that something is happening, whilst avoiding any timeout behaviour that is often seen in Heroku.

One hiccup to watch out for is the bucket configuration in your S3 account. When you create a bucket, the default CORS config only allows GET requests for that bucket.

For S3 Direct Upload to work, have this as your CORS settings:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedMethod>POST</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>*</AllowedHeader>
        <AllowedHeader>Authorization</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

Note, make the above better by explaining how to lock down AllowedOrigin and AllowedHeader

AllowedHeader

Even after adding in the PUT and POST permissions, there was still a 403 error being thrown when using the upload. The reason ended up being the allowed header, so adding:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        **Other settings
        <AllowedHeader>*</AllowedHeader>
        **Other settings
    </CORSRule>
</CORSConfiguration>

worked out well.