accutb

Secure S3 File Browser

A stateless, client-side interface by SystGrid Solutions.

Endpoint (Required for non-AWS)

Addressing Style

Region

Bucket Name

Access Key ID

Secret Access Key

Why use accutb Secure S3 Browser?

Traditional S3 clients often require you to store credentials on a server or in local databases. Secure S3 File Browser utilizes a "Zero-Knowledge" architecture. Your Access Keys and Secret Keys are held exclusively in the volatile memory (RAM) of your browser tab.

What is CORS (Cross-Origin Resource Sharing)?

CORS is a security standard implemented by browsers to prevent scripts on one website (accutb.com) from accessing data on another (bsgw.in.ddcpl.com) without permission. If the server doesn't explicitly "allow" the browser's request via specific headers, the browser will kill the connection for safety.

How CORS affects communication

When connecting, the browser sends an OPTIONS request (Preflight). The server must respond with specific headers permitting the Authorization and x-amz-* headers. If these headers are missing or incomplete in the response, the actual data fetch will never trigger.

Required CORS Configuration

Add these exact configurations to your storage provider or reverse proxy:

JSON Format (AWS / R2 / DigitalOcean)

[
  {
    "AllowedHeaders": ["*"],
    "AllowedMethods": ["GET", "PUT", "POST", "DELETE", "HEAD"],
    "AllowedOrigins": ["https://accutb.com"],
    "ExposeHeaders": ["ETag", "x-amz-request-id", "x-amz-id-2"]
  }
]

XML Format (MinIO / S3 Buckets)

<CORSConfiguration>
  <CORSRule>
    <AllowedOrigin>https://accutb.com</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedMethod>POST</AllowedMethod>
    <AllowedMethod>DELETE</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <AllowedHeader>*</AllowedHeader>
    <ExposeHeader>ETag</ExposeHeader>
  </CORSRule>
</CORSConfiguration>

HAProxy Corrected Config (v2.8+ compatible)

Apply to 'frontend http-nttobjectstore'. This syntax avoids parsing alerts by using single-line declarations:

# 1. Define allowed origin
acl is_accutb hdr(Origin) -i https://accutb.com

# 2. Handle OPTIONS preflight. One line to avoid '\' syntax issues in some versions.
http-request return status 204 content-type "text/plain" hdr Access-Control-Allow-Origin "https://accutb.com" hdr Access-Control-Allow-Methods "GET, PUT, POST, DELETE, OPTIONS, HEAD" hdr Access-Control-Allow-Headers "authorization,content-type,x-amz-content-sha256,x-amz-date,x-amz-security-token,x-amz-user-agent,x-amz-target,x-amz-acl" hdr Access-Control-Expose-Headers "ETag,x-amz-request-id" hdr Access-Control-Allow-Credentials "true" if METH_OPTIONS is_accutb

# 3. Ensure actual requests from backend get the origin header too
http-response set-header Access-Control-Allow-Origin "https://accutb.com" if { hdr(Origin) -i https://accutb.com }

Technical Note: Host Header Preservation

S3 SigV4 authentication calculates signatures based on the Host header. If your HAProxy modifies the Host header before passing it to the NTT backend, the signature will mismatch (403 Forbidden). Ensure your HAProxy backend preserves the Host or matches the signature expectation.

Zero-Knowledge & Stateless Security

This tool follows a Stateless Interface model. Unlike desktop S3 clients, nothing is written to your disk. All keys exist only in the volatile RAM of this tab. Closing the tab or logging out instantly purges all access parameters.

accutb

Bucket

Region • Provider

Upload

Name	Size	Modified	Actions

CORS Validated Session

Communication with accutb.com is successfully whitelisted. All operations are performed directly between this tab and your storage provider endpoint.

SystGrid Infrastructure

SystGrid Solutions Private Limited specializes in high-security cloud infrastructure. This tool is provided as a public utility for secure file management.