Comments (7)
Thanks @pglombardo. After some more digging I found that ActiveStorage is using SAS tokens for DirectUpload, which does not use the x-ms-version header for selecting the API version. Instead the API version is selected when generating the SAS URL in the SignedVersion (sv) parameter, or the optional api-version parameter [1].
The SignedVersion parameter is also defined in the STG_VERSION constant but in the Common module instead of the Blob module.
I also found that in API version 2020-12-06 and higher the Signature format was changed slightly making them incompatible with the current azure-storage-blob implementation [2]. However, all API versions since 2019-12-12 support 5 GB single PUT uploads [3].
Below code in config/initializers/azure.rb
using the latest supported API version solves the problem (Tested with a 3GB upload):
require "azure/storage/blob"
module Azure::Storage::Common::Default
remove_const(:STG_VERSION) if const_defined?(:STG_VERSION)
const_set(:STG_VERSION, "2020-10-02")
end
[1] https://learn.microsoft.com/en-us/rest/api/storageservices/versioning-for-the-azure-storage-services#authorize-requests-by-using-a-shared-access-signature
[2] https://learn.microsoft.com/en-us/rest/api/storageservices/create-service-sas#version-2020-12-06-and-later
[3] https://learn.microsoft.com/en-us/rest/api/storageservices/put-blob?tabs=microsoft-entra-id#remarks
from passwordpusher.
Hello @brt5586, thanks for contributing to the Password Pusher community! We will respond as soon as possible.
from passwordpusher.
Hi @brt5586 - thanks this is useful info. I'm traveling for the next couple weeks but I'll take a closer look and see if I can make the improvement once I get back.
from passwordpusher.
Hi @brt5586 I previously didn't have this documented well but could you confirm that you put in the proper CORS configuration for the Azure storage? One of the CORS configurations is to allow the x-ms-blob-type
header.
Updated CORS documentation for Azure is here: https://github.com/pglombardo/PasswordPusher/blob/master/Configuration.md#azure-storage-cors-configuration
from passwordpusher.
I'm having the same problem, being limited to uploading max 256MB files to Azure Blob Storage due to the old API version being used. According to this thread:
Azure/azure-storage-ruby#172
It should be possible to pass the following setting to force a newer version:
Azure::Storage::Blob::Default::STG_VERSION = "xxxx-xx-xx"
I believe 2024-05-04 is the current version recommended to be used:
https://learn.microsoft.com/en-us/rest/api/storageservices/versioning-for-the-azure-storage-services
Is that anything you can use from PWP?
from passwordpusher.
Hi @msundman78 - that's helpful thanks. I dug in a little bit and Azure support doesn't seem to be in great shape. I'll document here for the record.
Password Pusher uses ActiveStorage to upload/store/retrieve files. This is the section on how to configure Azure storage.
It references the azure-storage-blob Ruby gem which hasn't been updated since 2021. :-(
When I go to the source code for that gem, it's been deprecated by Microsoft with no clear alternative.
This is the discussion in the Rails community: rails/rails#49983
@msundman78 you might be able to manually set that value. You could create a file config/initializers/azure.rb
with the following content:
require "azure-storage-ruby"
Azure::Storage::Blob::Default::STG_VERSION = "2024-05-04"
from passwordpusher.
@msundman78 - that is an excellent investigation and solution! You should also post this in rails/rails#49983 for others in the Rails community that are facing this.
For anyone else reading this thread and using Azure as a backend, could you confirm that the fix above works for you? If so, I'll roll this initializer into the main code base.
Thanks @msundman78!
from passwordpusher.
Related Issues (20)
- Installation guide without Docker? HOT 16
- The parameter PWP__SIGNUP_EMAIL_REGEXP does not work HOT 7
- Multi-branded instance HOT 2
- PWP__BRAND__SHOW_FOOTER_MENU=false does not seem to apply HOT 4
- I deleted a user from the users table so I could sign up again. HOT 1
- User Search feature in Admin Portal not working HOT 2
- Https Activation on Container HOT 5
- PasswordPusher in a Docker container behind an Apache reverse proxy - incorrect URLs HOT 5
- Admin panel 404 HOT 4
- /r/:url_token.json - Doesn't allow to pass passphrase HOT 2
- Rate Limit Exceeded HOT 4
- Error 500 when making a new account; Seems like a SSL error HOT 33
- Just password generation for internal users and login for external users HOT 3
- Error 500 on sending emails HOT 18
- What the the most important folders and files of this working? HOT 1
- Password policy for accounts (login functionnality) HOT 2
- New user confirmation can get triggered by bots HOT 10
- Update the latest tag to use the latest version HOT 2
- Can "© 2024 Pedro Giacomo Lombardo" be removed with a variable? HOT 2
- url push with 1-click retrieval step consume two views HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from passwordpusher.