Keeping Your Secrets Between Cloud Object Storage and Your Browser (Part 2)

Download edition

Glynn Bird
Mar 20, 2018 · 3 min read
We’ve seen this before: it’s the roll-your-own-Instagram app architecture with pre-signed URLs!
  1. The serverless action calculates a time-limited, pre-signed URL that allows the download of the specified object. The URL is sent out as an HTTP 302 Redirect response.
  2. The browser’s request is redirected to the pre-signed URL, and the browser fetches the file directly from Object Storage.

Install the serverless action

Assuming you already have

How does this work?

The serverless action knows your object storage credentials. It is configured with them at deployment time. The only extra piece of information it needs is the ID of the object you need access to (i.e., the file name of the file).

  • The object ID (filename) is correct (e.g., landscape.png).
  • The HTTP call is made before the link expires. I’ve set the expiry time to 60 seconds. After this time the link is useless.

What about uploading data to object storage from a browser?

We’ve got you covered there too. See part one of this two-part series, where I cover uploading content to object storage from a browser using a similar technique.

IBM CODAIT

Things we made with data at IBM’s Center for Open Source Data and AI Technologies.

Glynn Bird

Written by

Developer @ IBM. https://glynnbird.com

IBM CODAIT

Things we made with data at IBM’s Center for Open Source Data and AI Technologies.