If the download is going through a Worker, you can decompress it on the fly.
If the download is going through a Worker, you can decompress it on the fly.
DOr if it’s being viewed in a browser
DWhat’s annoying is that the etag won’t be the md5 hash of the entire file if you do chunked uploads.
Dyour Worker won't be able to accept POST'd 10GB file
Dyou can sign the
Content-Length header, but this requires you to know the size that the user will upload.Dcorrect.
Dyou probably also want to use the
https://developers.cloudflare.com/r2/api/s3/presigned-urls/#presigned-url-alternative-with-workers
If-Unmodified-Since header so you don't allow infinite reuploads of the same object.https://developers.cloudflare.com/r2/api/s3/presigned-urls/#presigned-url-alternative-with-workers
EThis. The way I would do it would be to have the client send the size of the file in the request that generates the presigned URL, then in your backend code you check that the size is not too large and generate a presigned URL with the appropiate content-length
DI think the 
If-Unmodified-Since header is important too, in case R2 adds S3 Versioning support and @Anay - ping in replies enables it without thinking about this edge case DDyou could/should also limit the content-type header if you know it ahead of time.
Doh yeah I'd use aws4fetch
Dfor aws4fetch, you need to set
allHeaders: true so it'll sign all headers, even the "non-standard" ones like User-AgentDif you wanna see what special headers S3 can use, see:
https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html#API_PutObject_RequestSyntax
https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html#API_PutObject_RequestSyntax
Adds an object to a bucket.
Dyou could even sign the
Cookie headerDdo you usually send cookie or an authorization header on requests?
Dah hmm now that I think about it, don't sign the cookie header, since presigned URLs aren't gonna be on your domain
DI think that makes sense.
I would also sign the
I would also sign the
Content-Disposition to enforce Content-Disposition: attachment. And yeah, I'd sign User-Agent if it's static for your application.Ddo you know what image type?
Dif you know the type, then
Content-Type: image/jpegDThe
Content-Disposition and Cache-ControlUser-Agent is optional. cc @Anay - ping in repliesDContent-Disposition: attachment will prevent browsers from rendering the image inline
ZExpensive if you want to store a ton of data
HYou can set up Lifecycle rules, but they work based on upload time, not last read
HSo you would have to build your own system to auto-delete files. I would probably spawn a Durable Object on upload, with an alarm set for a week from now. Whenever the DO receives a request, it resets the alarm. If it reaches 0, it deletes itself and the file
DIf the file names are always unique, there’s no reason to make a client waste their bandwidth downloading the file again if they can cache it for themselves.
