This page describes how to use HTML forms, which allow your
users to upload files to your bucket. When you create an HTML form, it's
recommended that you create a policy document, which defines conditions
that upload requests must meet. HTML forms utilize the XML object POST
API.
The uploaded object replaces any existing object with the same name. For
tips on uploading to Cloud Storage, see best practices. For information
about POST
object requests using the legacy signing
process, see POST Object with the V2 signing process.
Query string parameters
This request does not include query string parameters.
Form fields
You can create an HTML form by defining the form fields described below.
Field | Description | Required |
---|---|---|
acl |
The predefined ACL that you want to apply to the object that is being
uploaded. If you do not specify this field the bucket's
default ACL is applied. |
No |
bucket |
The name of the bucket that you want to upload to. If you include this
field, it must match the bucket name you specify in the
action attribute. |
No |
Cache-Control |
The cache control for the object. You can only set cache control for an
object that is accessible to all users. For instance, an object's ACL must
be public-read or public-read-write to be able
to set the cache-control. |
No |
Content-Disposition |
Specifies how the object data should be transmitted. For example, a
Content-Disposition value of inline means that
the object should be displayed immediately. |
No |
Content-Encoding |
The compression algorithm for the object, such as
gzip . |
No |
Content-Length |
The size of the uploaded file, in bytes. | No |
Content-Type |
The MIME type of the file you are uploading via the form. If you do not
specify a content type, the Cloud Storage system defaults to
application/octet-stream
when it serves the content. |
No |
Expires |
An ISO8601 timestamp that specifies the date and time before an object is considered stale by the browser. | No |
file |
The file you are uploading. Must be the last field in the form. You can upload only one object per request. | Yes |
key |
The name of the object that you are uploading. You can also use the ${filename} variable if a user is providing a file name. | Yes |
policy |
The security policy that describes what can and cannot be uploaded in the form. The policy document must be Base64 encoded. See policy documents for more information. If you do not provide a security policy, requests are considered to be
anonymous and will only work with buckets that have granted
|
No |
success_action_redirect |
A URL that users are redirected to when an upload is successful. If you
do not provide a URL, Cloud Storage responds with the status code
that you specified in success_action_status . |
No |
success_action_status |
The status code that you want Cloud Storage to respond with when an upload is successful. The default is 204, but you can change this to 200 or 201. If you choose 200 or 204, Cloud Storage returns an empty document with those status codes. If you choose 201, Cloud Storage returns an XML document with the elements that are described in Response Body Elements. | No |
x-goog-algorithm |
The signing algorithm used to create the
signature associated
with your policy document. Possible values are
GOOG4-HMAC-SHA256 and GOOG4-RSA-SHA256 |
Only if you specify a policy |
x-goog-credential |
The credentials used to create the
signature associated
with your policy document. x-goog-credential has the form
AccessKeyId/CredentialScope , where:
|
Only if you specify a policy |
x-goog-custom-time |
A user-specified date and time in the
RFC 3339 format
YYYY-MM-DD'T'HH:MM:SS.SS'Z' . |
No |
x-goog-date |
The current date, in the ISO
8601 basic format YYYYMMDD'T'HHMMSS'Z' . |
Only if you specify a policy |
x-goog-signature |
The signature associated with your policy document. | Only if you specify a policy |
x-goog-meta-* |
A field for custom metadata. You can use this to specify any additional
metadata that is not provided by the other form fields. For example,
x-goog-meta-reviewer: jane or
x-goog-meta-project-manager: john is custom metadata. |
No |
Response body elements
The following response body elements are returned in an XML document only if
you set success_action_status
to 201.
Element | Description |
---|---|
Bucket |
Bucket in which the object was stored. |
ETag |
HTTP 1.1 entity tag for the object. |
Key |
The object's name. |
Location |
The URI for the object. |
Example of how to create an HTML form
The following example shows you how to create an HTML form to upload an object, using a signature that's created with the V4 policy signing process.
The form must be UTF-8 encoded. You can specify form encoding in the form's HTML
head
tag or by using the Content-Type
request header.
Your form
tag must specify the following three items:
An action.
The
action
attribute specifies an XML API request endpoint.Valid endpoints include
https://BUCKET_NAME.storage.googleapis.com
,https://storage.googleapis.com/BUCKET_NAME
, andCNAME
redirects.A method.
The
method
attribute specifies the method that you are using to submit the form. It must bepost
.An enclosure type.
The
enctype
attribute specifies the enclosure type you are using and must always bemultipart/form-data
.
The following is an example HTML form, which uses a policy document that's
specified by the policy
form field.
HTML
<form action="https://storage.googleapis.com/travel-maps" method="post" enctype="multipart/form-data"> <input type="text" name="key" value="test-object"> <input type="hidden" name="Content-Type" value="image/jpeg"> <input type="hidden" name="success_action_redirect" value="https://www.example.com/success_notification.html"> <input type="hidden" name="policy" value="eyJjb25kaXRpb25zIjpbey..."> <input type="hidden" name="x-goog-algorithm" value="GOOG4-RSA-SHA256"> <input type="hidden" name="x-goog-credential" value="example_account@example_project.iam.gserviceaccount.com/20191102/us-central1/storage/goog4_request"> <input type="hidden" name="x-goog-date" value="20191102T043530Z"> <input type="hidden" name="x-goog-signature" value="58bc39b8f604ee1f18171f..."> <input name="file" type="file"> <input type="submit" value="Upload"> </form>
Client libraries
For more information, see the
Cloud Storage C++ API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for a local development environment.
For more information, see the
Cloud Storage C# API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for a local development environment.
For more information, see the
Cloud Storage Java API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for a local development environment.
For more information, see the
Cloud Storage Go API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for a local development environment.
For more information, see the
Cloud Storage Node.js API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for a local development environment.
For more information, see the
Cloud Storage PHP API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for a local development environment.
For more information, see the
Cloud Storage Python API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for a local development environment.
For more information, see the
Cloud Storage Ruby API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for a local development environment.
C++
C#
Java
Go
Node.js
PHP
Python
Ruby
As a best practice you should use the Expect: 100-continue
header
with POST
requests. This lets you verify that the server will handle the
request before you send the object. If you receive a status code 100 Continue
you should proceed with the request. If you receive a status code
417 Expectation Failed
then you shouldn't send the object.