S3 api policy condition to restrict file type / extension

Question

I'm reading the doc here but I can't see how to add a condition to restrict uploads to some whitelist of extension / mime types.

ie: I'd like to only allow people to upload files with extensions "xls", "xlsx", "ppt", "pptx", "doc", "docx", "txt", "csv"

Is this possible?

PS: I'm using jquery-file-upload and already check client side before my POST to s3 but some browsers don't support the File api so I need a double check.

Answer 1

You're likely to validate by its mime type

(which might be useless, since if a mimetype isn't registered, it will pick the default one for a binary unknown type, from the browser perspective).

In the docs, its referred as such:

    ["starts-with", "$Content-Type", "image/"],

I'm not sure if sets are allowed. At the very least, you could combine several policies, one for each allowed mime type.

As for Extension, I guess you have no options, though.

Edit: I've wrote a post a while ago outlining how the whole process works and how to use it (Disclaimer: I write for Newvem)

Answer 2

    $('#fileupload').fileupload('option', {
        maxFileSize: 25000000,
        acceptFileTypes: /(\.|\/)(gif|jpe?g|png)$/i,
        process: [
            {
                action: 'load',
                fileTypes: /^image\/(gif|jpeg|png)$/,
                maxFileSize: 20000000 // 20MB
            },
            {
                action: 'save'
            }
        ]
    });

The fileTypes option seems to be what you're looking for. Change the regular expression to filter what types you want. My example shows those for image files.