With CORS you can now easily build web applications that use JavaScript and HTML5 to interact with resources in Amazon S3, enabling you to implement HTML5 drag and drop uploads to Amazon S3, show upload progress, or update content.
Just finished building a drag and drop uploader feature for <a href="http://commando.io" rel="nofollow">http://commando.io</a>. I went back and forth between storing files in S3, on disk, or using database backed storage. Unfortunately CORS was not released yet, because if it was, I would have gone with S3.<p>I went MongoDB + GridFS. It has worked out well so far. Really like that I can store the meta-data right with the binary data in MongoDB, and can query and filter directly on the meta-data. Also, using a MongoDB replica set, I get automatic redundancy of files.<p>I made a quick demo video of the upload feature showing drag & drop, and the files interface, check it out if you please: <a href="http://www.youtube.com/watch?v=ru7YZ2E65YU" rel="nofollow">http://www.youtube.com/watch?v=ru7YZ2E65YU</a>
I put together a FileAPI based uploader using signed PUTs. I hadn't gotten around to releasing it yet but here is a gist for those who might be interested: <a href="https://gist.github.com/3593744" rel="nofollow">https://gist.github.com/3593744</a>
With CORS, you can now easily build web applications that use JavaScript and HTML5 to interact with resources in Amazon S3, enabling you to implement HTML5 drag and drop uploads to Amazon S3, show upload progress, or update content
Good walk through.<p>How safe is it against abuse [i.e. MITM, dos]? Most probably I am missing smth, but if credentials are applied in browser, can user get hold of them and upload a couple of petabytes?