Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect processing of signed payload in pre-signed URL #1581

Closed
MNV opened this issue Jul 25, 2018 · 4 comments
Closed

Incorrect processing of signed payload in pre-signed URL #1581

MNV opened this issue Jul 25, 2018 · 4 comments
Labels
guidance Question that needs advice or information. no-autoclose This issue should not be auto-closed by stale-issue-cleanup action.

Comments

@MNV
Copy link

MNV commented Jul 25, 2018

According to this issue #1392 I've found some problem with checksum providing ContentSha256 param in command for creating pre-signed URL.
I think the problem in getPresignedPayload() method (https://github.com/jeskew/aws-sdk-php/blob/4e29e28494f8dc69c2ae1b34a0a658e8ed9537fe/src/Signature/S3SignatureV4.php#L53) which always returns UNSIGNED-PAYLOAD that doesn't match real body content of the uploading file.
@MNV MNV mentioned this issue Jul 25, 2018
Closed
@kstich
Copy link
Contributor

kstich commented Jul 25, 2018

What are you trying to sign the contents of a pre-signed upload URL for? Having a signed body for a pre-signed upload URL would mean that the consumer of the pre-signed URL would have to upload contents with the same signature - you'd have to know what they're going to upload when generating the URL. Using the UNSIGNED-PAYLOAD allows the consumer to upload whatever contents they wish to the file. You can read more about pre-signed upload URLs here.

@kstich kstich added guidance Question that needs advice or information. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. closing-soon This issue will automatically close in 4 days unless further comments are made. labels Jul 25, 2018
@MNV
Copy link
Author

MNV commented Jul 26, 2018

In this issue, there is a discussion (#1392 (comment)) about providing ContentSha256 hash generating pre-signed URL to allow the server to know what they are going to upload.
I would like to pass the checksum to the server to generate the URL for uploading and check that client tries to upload the same file for which pre-signed URL was given (#1392 (comment)).

@kstich kstich added investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. closing-soon This issue will automatically close in 4 days unless further comments are made. labels Jul 27, 2018
@MNV MNV mentioned this issue Aug 14, 2018
Open
@MNV
Copy link
Author

MNV commented Aug 17, 2018

@kstich Have you planned to explore this problem? Do you need any extra information and details?

@abiodunjames
Copy link

I'm facing this issue currently

@diehlaws diehlaws removed the investigating This issue is being investigated and/or work is in progress to resolve the issue. label Sep 23, 2019
@diehlaws diehlaws removed their assignment Aug 26, 2020
@howardlopez howardlopez added the no-autoclose This issue should not be auto-closed by stale-issue-cleanup action. label Aug 27, 2020
@aws aws locked and limited conversation to collaborators Apr 25, 2022
@ajredniwja ajredniwja converted this issue into discussion #2437 Apr 25, 2022

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Assignees
No one assigned
Labels
guidance Question that needs advice or information. no-autoclose This issue should not be auto-closed by stale-issue-cleanup action.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@MNV @abiodunjames @kstich @howardlopez @diehlaws