Laravel+Plupload uploading to S3 response for preflight is invalid - CORS

Question

I'm testing a plupload upload to S3 on a Nginx server. The whole project is based on Laravel.

The problem is when I start upload, Chrome's console says:

XMLHttpRequest cannot load http://BUCKET.s3.amazonaws.com/. Response for preflight is invalid (redirect)

I have tried using PHP headers to enable CORS, but error still occurs.

Current uploading script:

<?php
$bucket = 'BUCKET';
$accessKeyId = '***************';
$secret = '********************************************';

$policy = base64_encode(json_encode(array(
        'expiration' => date('Y-m-d\TH:i:s.000\Z', strtotime('+1 day')),
        'conditions' => array(
                array('bucket' => $bucket),
                array('acl' => 'public-read'),
                array('starts-with', '$key', ''),
                array('starts-with', '$Content-Type', ''),
                array('starts-with', '$name', ''),
                array('starts-with', '$Filename', ''),
        )
)));

$signature = base64_encode(hash_hmac('sha1', $policy, $secret, true));
?>
....
<div id="uploader"></div>
....    
    <script>
        $(function () {
            $("#uploader").plupload({
                runtimes: 'html5',
                url: 'http://<?php echo $bucket; ?>.s3.amazonaws.com/',

                multipart: true,
                multipart_params: {
                    'key': '${filename}',
                    'Filename': '${filename}',
                    'acl': 'public-read',
                    'Content-Type': 'image/jpeg',
                    'AWSAccessKeyId': '<?php echo $accessKeyId; ?>',
                    'policy': '<?php echo $policy; ?>',
                    'signature': '<?php echo $signature; ?>'
                },

                file_data_name: 'file',
                filters: {
                    max_file_size: '10mb',
                    prevent_duplicates: true,
                    mime_types: [
                        {title: "Image files", extensions: "jpg,jpeg"}
                    ]
                }
            });
        });
    </script>
....

I checked this to enable CORS on Nginx, but the fact is when I put that snippet on my location / block it just return a 404 when I open the URL.

My Nginx site configuration file:

server {
    listen 80;
    server_name myserver.com;
    root /usr/share/nginx/myserver/public;

    index index.html index.htm index.php;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/myapp-error.log error;

    sendfile off;

    client_max_body_size 100m;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
    }

    location ~ /\.ht {
        deny all;
    }

}

Thank you so much

Answer 1

I found a way to achieve it poorly. Studying http://laravel.com/docs/master/filesystem deeply I didn't found a valid answer to get Plupload working. Otherwise, I found a poor solution that is using a:

<input type="file" name="files[]" multiple>

And use something like:

foreach($request->file("files") as $file) {
        Storage::put(
            'test'.rand(1,100),
            file_get_contents($file->getRealPath())
        );
    };

In my controller, that enables multiple file uploading to S3. But it isn't asynchronous and also it's UX is worse.

I'll keep working to have Plupload enabled eventually. I will post updates here.

Answer 2

It maybe worth you looking at the cors package by Barryvdh:

https://github.com/barryvdh/laravel-cors

This fixed my CORS issue.