Presigned URL for PUT with ContentType doesn't include ContentType in the signed headers #1475
Comments
We have noticed this issue has not received attention in 1 year. We will close this issue for now. If you think this is in error, please feel free to comment and reopen the issue.
Please fix this.
Hi @vangent,

First of all I'd like to apologize for the long wait. The person who assigned it to themselves left the company and this issue fell between the cracks. This is not the kind of experience we want users to have with any AWS product, so for that I am sincerely sorry.

To answer your question

```go
// RemoveContentTypeHeader removes content-type header if
// content length is unset or equal to zero.
func RemoveContentTypeHeader(stack *middleware.Stack) error {
	return stack.Build.Add(&removeContentTypeHeader{}, middleware.After)
}
```

Here is how I created the presigned URL:

```go
package main

import (
	"context"
	"fmt"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/config"
	"github.com/aws/aws-sdk-go-v2/service/s3"
)

// myBucket, myKey and MyContentType are placeholders defined by the caller.
func main() {
	cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion("us-east-1"), config.WithClientLogMode(aws.LogResponseWithBody|aws.LogRequestWithBody))
	if err != nil {
		panic(err)
	}
	// Build the S3 client that the presign client wraps.
	client := s3.NewFromConfig(cfg)
	presigner := s3.NewPresignClient(client)
	presignPutObject, err := presigner.PresignPutObject(context.TODO(), &s3.PutObjectInput{
		Bucket:        aws.String(myBucket),
		Key:           aws.String(myKey),
		ContentType:   aws.String(MyContentType),
		ContentLength: 1,
	})
	if err != nil {
		panic(err)
	}
	fmt.Println(presignPutObject.URL)
	// output:
	// https://REDACTED.s3.us-east-1.amazonaws.com/REDACTED?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=REDACTED&X-Amz-Date=20221107T212750Z&X-Amz-Expires=900&X-Amz-SignedHeaders=content-length%3Bcontent-type%3Bhost&x-id=PutObject&X-Amz-Signature=REDACTED
}
```

Let me know if this helps.
Thanks for getting back to this! So, I think that explains why the implementation does what it does, but it doesn't explain why. Maybe there's a good reason, but can you explain why the
BTW, aws/aws-sdk-java-v2#2520 is a similar bug with a regression from V1.
@vangent, Unfortunately I'm not entirely sure. My best guess would be that this is related to some newer S3 related requirements specifying this behavior. I take it that my previous answer solved the issue at hand so I feel confident we can close this thread. If you have any other issues please feel free to open another issue and I'll do my best to address it as soon as possible. Thanks again!
I have a similar problem. I get a CORS error when adding Content-Type to the signed URL PUT request. Followed your advice to add ContentLength to the PutObjectCommand when generating the signed URL and I can see that header in the browser, but the Content-Type is still missing in X-Amz-SignedHeaders. ` const client = new S3({ const signedUrl = async (args: any) => { Any idea? Cheers, Josef
Pinging @RanVaknin based on the GitHub action notification and that it doesn't appear anyone will see @henryson's comment otherwise
Confirm by changing [ ] to [x] below to ensure that it's a bug:
Describe the bug
Signing a PUT URL with a `ContentType` results in a URL without `Content-Type` included in the signed headers, so the `ContentType` is not enforced.
Version of AWS SDK for Go?
github.com/aws/aws-sdk-go-v2/service/s3 v1.17.0
Version of Go (`go version`)?
latest
To Reproduce (observed behavior)
Expected behavior
V1 produced a signed URL that included `content-type` in the `X-Amz-SignedHeaders`. V2 does not.
As a result, using the signed header from V2 doesn't enforce the content type.
Example URL from V1 (some of the URL elided):
Example URL from V2:
Additional context
V1 code is here:
https://github.com/google/go-cloud/blob/master/blob/s3blob/s3blob.go#L750
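A check for the condition this issue describes, as an added example that is not code from the SDK or from anyone in the thread: it reads `X-Amz-SignedHeaders` from a presigned URL and reports which required headers the signature does not cover. The function names and both sample URLs are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed sample URLs (placeholder bucket, key and signature).
const (
	urlWithContentType = "https://example-bucket.s3.us-east-1.amazonaws.com/example-key?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=900&X-Amz-SignedHeaders=content-length%3Bcontent-type%3Bhost&x-id=PutObject&X-Amz-Signature=PLACEHOLDER"
	urlHostOnly        = "https://example-bucket.s3.us-east-1.amazonaws.com/example-key?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=900&X-Amz-SignedHeaders=host&x-id=PutObject&X-Amz-Signature=PLACEHOLDER"
)

// signedHeaders returns the set of lower-cased header names covered by the signature.
func signedHeaders(presigned string) (map[string]bool, error) {
	u, err := url.Parse(presigned)
	if err != nil {
		return nil, err
	}
	raw := u.Query().Get("X-Amz-SignedHeaders") // Query() already percent-decodes %3B to ";"
	if raw == "" {
		return nil, fmt.Errorf("URL has no X-Amz-SignedHeaders parameter")
	}
	set := map[string]bool{}
	for _, h := range strings.Split(raw, ";") {
		set[strings.ToLower(strings.TrimSpace(h))] = true
	}
	return set, nil
}

// missingSignedHeaders lists the required headers that the signature does not cover.
func missingSignedHeaders(presigned string, required ...string) ([]string, error) {
	signed, err := signedHeaders(presigned)
	if err != nil {
		return nil, err
	}
	var missing []string
	for _, r := range required {
		if !signed[strings.ToLower(r)] {
			missing = append(missing, r)
		}
	}
	return missing, nil
}

func main() {
	fmt.Println(missingSignedHeaders(urlWithContentType, "Content-Type"))
	fmt.Println(missingSignedHeaders(urlHostOnly, "Content-Type"))
}
```

Running a check like this in a test that generates upload URLs catches an SDK upgrade that silently drops `content-type` from the signed headers.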