
Allowing multiple content types in HTTP POST Amazon S3 upload policy document

Tags:

amazon-s3

Does anybody know how to allow multiple content types in an Amazon S3 upload policy when uploading using HTTP POST? I can't seem to find the answer to this anywhere.

I am aware that I can restrict an upload to any file with a MIME type that starts with "image/" as follows:

{
  "expiration": "2015-02-28T00:00:00Z",
  "conditions": [
    ["starts-with", "$Content-Type", "image/"]
  ]
}

But how would I go about allowing only a certain few MIME types which might not all start with the same characters?

Michael asked Feb 27 '14 15:02



1 Answer

This isn't supported. It's either a single pattern match (including a wildcard), or you have to allow all.

Depending on how the form is being generated -- dynamically, one assumes -- you might be able to simply tell the application the content-type of the file you intend to upload when requesting the resource that builds the form, hence, telling the application what content-type value to use on the form and when generating the policy document.

If the application doesn't find that content-type in its list of acceptable values, it could just refuse to render the form, and refuse to create and sign a matching policy statement.

Depending on the application, there may be little point in worrying too much about the Content-Type field here, because this is not actually restricting the content-types that can be uploaded... it's only restricting the value passed in the value parameter of <input type="input" name="Content-Type">. That's all this actually restricts.

There's no validation being performed as to whether that value accurately represents the MIME type of the payload that is being updated, so the policy document isn't restricting what kind of content you can upload. It's only restricting what kind of content you can claim you are uploading.

It may also be more appropriate to just accept otherwise-unusable uploads and handle the problem on the back-end, after the fact.

Michael - sqlbot answered Nov 22 '22 05:11
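The server-side approach described in the answer above, as an added example that is not part of the original post: the application checks the requested content type against its own allowlist and only then builds and signs a policy pinned to that exact value. The allowlist, the function name `build_post_form`, the bucket, key and credential values, and the choice of Signature Version 4 are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timedelta, timezone

# Assumed application allowlist: types that share no common prefix.
ALLOWED_TYPES = {"image/png", "image/jpeg", "application/pdf"}

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def build_post_form(content_type, key, bucket, region, access_key,
                    secret_key, now=None, ttl_minutes=15):
    """Return signed form fields for one upload, or None if the type is refused."""
    if content_type not in ALLOWED_TYPES:
        return None  # refuse to render the form or sign a policy
    now = now or datetime.now(timezone.utc)
    date = now.strftime("%Y%m%d")
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    credential = f"{access_key}/{date}/{region}/s3/aws4_request"
    expires = now + timedelta(minutes=ttl_minutes)
    policy = {
        "expiration": expires.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "conditions": [
            {"bucket": bucket},
            ["eq", "$key", key],
            # One exact value per signed policy instead of a prefix match.
            ["eq", "$Content-Type", content_type],
            {"x-amz-algorithm": "AWS4-HMAC-SHA256"},
            {"x-amz-credential": credential},
            {"x-amz-date": amz_date},
        ],
    }
    policy_b64 = base64.b64encode(json.dumps(policy).encode()).decode()
    # SigV4 signing key: HMAC chain over date, region, service, terminator.
    signing_key = _hmac(("AWS4" + secret_key).encode(), date)
    for part in (region, "s3", "aws4_request"):
        signing_key = _hmac(signing_key, part)
    signature = hmac.new(signing_key, policy_b64.encode(),
                         hashlib.sha256).hexdigest()
    # Every field below goes into the HTML form as a hidden input.
    return {
        "key": key, "Content-Type": content_type, "policy": policy_b64,
        "x-amz-algorithm": "AWS4-HMAC-SHA256",
        "x-amz-credential": credential,
        "x-amz-date": amz_date, "x-amz-signature": signature,
    }
```

As the answer points out, this pins only the declared Content-Type field; the uploaded bytes still need checking on the back-end if the real file type matters.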