PHPackages                             hassan/laravel-s3-browser-based-uploads - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [File &amp; Storage](/categories/file-storage)
4. /
5. hassan/laravel-s3-browser-based-uploads

ActiveLibrary[File &amp; Storage](/categories/file-storage)

hassan/laravel-s3-browser-based-uploads
=======================================

Upload files to AWS S3 Directly from Browser

v2.0.0(7mo ago)913.5k2MITPHPPHP ^8.1|^8.2|^8.3CI failing

Since Jul 26Pushed 7mo agoCompare

[ Source](https://github.com/dhassanali/laravel-s3-browser-based-uploads)[ Packagist](https://packagist.org/packages/hassan/laravel-s3-browser-based-uploads)[ Docs](https://github.com/dhassanali/laravel-s3-browser-based-uploads)[ RSS](/packages/hassan-laravel-s3-browser-based-uploads/feed)WikiDiscussions master Synced 2d ago

READMEChangelog (6)Dependencies (8)Versions (7)Used By (0)

Laravel S3 Browser Based Uploads
================================

[](#laravel-s3-browser-based-uploads)

[![Latest Version on Packagist](https://camo.githubusercontent.com/7105c1dba9043d51009be1a1327693099e81f572bb963b98aa916205fb2d0699/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f68617373616e2f6c61726176656c2d73332d62726f777365722d62617365642d75706c6f6164732e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/hassan/laravel-s3-browser-based-uploads)[![Build Status](https://camo.githubusercontent.com/68291580d6670b4c8a7c984537f0249f140daef35c781ccf4fbfb334924325d2/68747470733a2f2f62616467656e2e6e65742f7472617669732f6468617373616e616c692f6c61726176656c2d73332d62726f777365722d62617365642d75706c6f6164732f6d6173746572)](https://travis-ci.org/dhassanali/laravel-s3-browser-based-uploads)[![Total Downloads](https://camo.githubusercontent.com/7ac9d29135953d5e19a5521ae480a0ac48506909233668f577812a1a20982900/68747470733a2f2f706f7365722e707567782e6f72672f68617373616e2f6c61726176656c2d73332d62726f777365722d62617365642d75706c6f6164732f642f746f74616c2e737667)](https://packagist.org/packages/hassan/laravel-s3-browser-based-uploads)[![License](https://camo.githubusercontent.com/4a7b927f36464641fc0ef7f774d296f2e67dcaf88ae015e3d0b4ad86bf153f5b/68747470733a2f2f62616467656e2e6e65742f7061636b61676973742f6c6963656e73652f68617373616e2f6c61726176656c2d73332d62726f777365722d62617365642d75706c6f616473)](https://packagist.org/packages/hassan/laravel-s3-browser-based-uploads)

Upload files to AWS S3 directly from the browser using presigned POST requests, reducing server load and bandwidth usage.

Requirements
------------

[](#requirements)

- PHP 8.1 or higher
- Laravel 9.x, 10.x, or 11.x
- AWS S3 bucket with appropriate permissions

Installation
------------

[](#installation)

### 1. Install the package via composer

[](#1-install-the-package-via-composer)

```
composer require hassan/laravel-s3-browser-based-uploads
```

For Laravel 9+, you may need to install Flysystem dependencies:

```
composer require league/flysystem-aws-s3-v3 "^3.0" --with-all-dependencies
```

### 2. Publish the config file

[](#2-publish-the-config-file)

```
php artisan vendor:publish --provider="Hassan\S3BrowserBasedUploads\ServiceProvider" --tag=config
```

### 3. Configure your AWS credentials

[](#3-configure-your-aws-credentials)

Add your AWS settings to `.env`:

```
AWS_ACCESS_KEY_ID=your-access-key-id
AWS_SECRET_ACCESS_KEY=your-secret-access-key
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=your-bucket-name
```

### 4. Configure S3 CORS (Required!)

[](#4-configure-s3-cors-required)

For browser uploads to work, you **must** configure CORS on your S3 bucket. Add this CORS configuration in your AWS S3 Console:

```
[
    {
        "AllowedHeaders": ["*"],
        "AllowedMethods": ["POST"],
        "AllowedOrigins": ["https://yourdomain.com"],
        "ExposeHeaders": ["ETag"],
        "MaxAgeSeconds": 3000
    }
]
```

**Important**: Replace `https://yourdomain.com` with your actual domain(s). For local development, you may add `http://localhost:8000` or use `["*"]` (not recommended for production).

Usage
-----

[](#usage)

### Basic Usage

[](#basic-usage)

```
use Hassan\S3BrowserBasedUploads\Facades\S3BrowserBasedUploads;

// Get the S3 endpoint URL
$endpointUrl = S3BrowserBasedUploads::getEndpointUrl();

// Get the presigned POST fields
$fields = S3BrowserBasedUploads::getFields();

// Use a different connection
$fields = S3BrowserBasedUploads::connection('secure_images')->getFields();
```

Example
-------

[](#example)

```
const formData = new FormData();

@foreach(S3BrowserBasedUploads::getFields() as $key => $value)
    formData.append('{{ $key }}', '{{ $value }}');
@endforeach

formData.append('Content-Type', file.type);
formData.append('file', file, file.name);

const request = new XMLHttpRequest();
request.open('POST', "{{ S3BrowserBasedUploads::getEndpointUrl() }}");
request.send(formData);
```

Check out [the demo with Filepond](demo.blade.php)

### Using Credentials Routes

[](#using-credentials-routes)

You can optionally register a route that returns the credentials as JSON:

```
// In your RouteServiceProvider or routes/web.php
use Hassan\S3BrowserBasedUploads\S3BrowserBasedUploads;

public function boot()
{
    // Registers GET route: /s3_browser_based_uploads/credentials
    S3BrowserBasedUploads::routes();

    // With custom options (e.g., authentication middleware)
    S3BrowserBasedUploads::routes([
        'middleware' => ['auth', 'throttle:60,1'],
        'prefix' => 'api/uploads',
    ]);
}
```

This creates an endpoint that returns:

```
{
    "url": "https://your-bucket.s3.amazonaws.com",
    "fields": {
        "key": "tmp/images/${filename}",
        "policy": "eyJ...",
        "x-amz-algorithm": "AWS4-HMAC-SHA256",
        "x-amz-credential": "...",
        "x-amz-date": "...",
        "x-amz-signature": "..."
    }
}
```

Security Considerations
-----------------------

[](#security-considerations)

### ⚠️ Important Security Warnings

[](#️-important-security-warnings)

1. **Filename Sanitization**: Using `${filename}` in your config can expose you to path traversal attacks. Consider:

    ```
    // In your backend before generating credentials
    'key' => 'uploads/' . Str::uuid() . '.' . $extension
    ```
2. **File Size Limits**: Always set `content-length-range` in your config to prevent abuse:

    ```
    ['content-length-range', 1, 10485760] // 1 byte to 10MB
    ```
3. **Content-Type Validation**: Restrict file types using conditions:

    ```
    ['starts-with', '$Content-Type', 'image/'] // Images only
    ['eq', '$Content-Type', 'application/pdf'] // PDFs only
    ```
4. **Short Expiration Times**: Use short-lived URLs (1-15 minutes recommended):

    ```
    'expiration_time' => '+5 minutes'
    ```
5. **Rate Limiting**: The credentials endpoint includes default rate limiting (60 requests/minute). Adjust as needed.
6. **HTTPS Only**: Always use HTTPS in production to prevent credential interception.
7. **Bucket Permissions**: Set appropriate S3 bucket policies and ACLs. Avoid public write access.

### AWS IAM Permissions

[](#aws-iam-permissions)

Your AWS IAM user needs these S3 permissions:

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::your-bucket-name/*"
        }
    ]
}
```

### Known Limitations

[](#known-limitations)

- Does not work with AWS IAM Identity Center credentials (use standard IAM credentials)
- Maximum expiration time is capped at 12 hours for security
- Requires CORS configuration on S3 bucket

### Security Disclosure

[](#security-disclosure)

If you discover any security related issues, please email  instead of using the issue tracker.

###  Health Score

49

—

FairBetter than 94% of packages

Maintenance64

Regular maintenance activity

Popularity26

Limited adoption so far

Community10

Small or concentrated contributor base

Maturity78

Established project with proven stability

 Bus Factor1

Top contributor holds 96.2% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~461 days

Recently: every ~577 days

Total

6

Last Release

222d ago

Major Versions

0.1.3 → 1.0.02019-07-30

1.0.1 → v2.0.02025-11-20

PHP version history (3 changes)0.1.1PHP ^7.1

1.0.1PHP ^7.2.5

v2.0.0PHP ^8.1|^8.2|^8.3

### Community

Maintainers

![](https://www.gravatar.com/avatar/af2f10ca91e0fb01d06fb9c648bb04ecf3205bcc1b5570974e14320a85f9178e?d=identicon)[hassan\_ali](/maintainers/hassan_ali)

---

Top Contributors

[![dhassanali](https://avatars.githubusercontent.com/u/12805108?v=4)](https://github.com/dhassanali "dhassanali (25 commits)")[![cwilby](https://avatars.githubusercontent.com/u/13686317?v=4)](https://github.com/cwilby "cwilby (1 commits)")

---

Tags

aws-s3directlylaravellaravel-storageuploadsHassan laravel-s3-browser-based-uploads

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/hassan-laravel-s3-browser-based-uploads/health.svg)

```
[![Health](https://phpackages.com/badges/hassan-laravel-s3-browser-based-uploads/health.svg)](https://phpackages.com/packages/hassan-laravel-s3-browser-based-uploads)
```

###  Alternatives

[laravel/ai

The official AI SDK for Laravel.

1.0k2.1M165](/packages/laravel-ai)[psalm/plugin-laravel

Psalm plugin for Laravel

3345.1M337](/packages/psalm-plugin-laravel)[illuminate/filesystem

The Illuminate Filesystem package.

15263.8M3.1k](/packages/illuminate-filesystem)[pressbooks/pressbooks

Pressbooks is an open source book publishing tool built on a WordPress multisite platform. Pressbooks outputs books in multiple formats, including PDF, EPUB, web, and a variety of XML flavours, using a theming/templating system, driven by CSS.

45344.0k1](/packages/pressbooks-pressbooks)[moonshine/moonshine

Laravel administration panel

1.3k239.9k76](/packages/moonshine-moonshine)[tallstackui/tallstackui

TallStackUI is a powerful suite of Blade components that elevate your workflow of Livewire applications.

721160.4k12](/packages/tallstackui-tallstackui)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
