New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
s3.generate_url appends x-amz-security-token to query string even when query_auth=False #1477
Comments
I've had the same issue with public static links, and helped myself by subclassing the import urllib
import urlparse
class PublicS3BotoStorage(S3BotoStorage):
def __init__(self, *a, **k):
kwargs = dict(location='public', querystring_auth=False)
# merge in any arguments that were passed
kwargs.update(k)
super(PublicS3BotoStorage, self).__init__(*a, **kwargs)
def url(self, name):
orig = super(PublicS3BotoStorage, self).url(name)
scheme, netloc, path, params, query, fragment = urlparse.urlparse(orig)
params = urlparse.parse_qs(query)
if 'x-amz-security-token' in params:
del params['x-amz-security-token']
query = urllib.urlencode(params)
return urlparse.urlunparse((scheme, netloc, path, params, query, fragment)) I can't tell in which cases exactly the security token should be stripped, but this suited my needs. Adapt it to your usecase. |
This issue still exists. Oddly enough the querystring_auth settings is respected locally, but when I deploy to Elastic Beanstalk it breaks. Other parameters seem to work (AWS_S3_URL_PROTOCOL,AWS_S3_CALLING_FORMAT). I will try teeberg's suggestion. |
Teeberg's solution worked for me. It works both in locally and on S3. |
I ran into this as well.. worked around it by doing: conn = S3Connection()
conn.provider.security_token = "" |
It's a royal pain to get compressor working. A bug* in Boto means that static URLs contain security tokens which mean the hash changes every time - hence offline compression doesn't work. We work around with by using {{ STATIC_URL }} instead of {% static %} * boto/boto#1477
Workaround for boto/boto#1477
This reverts commit b719f84. Conflicts: requirements/base.txt
This reverts commit 8a7347d.
This is still an issue if your using iam roles |
… bug New AWS_S3_CUSTOM_DOMAIN env var. When set, it skips using the boto URL construction code, which erroneously adds a `x-amz-security-token` See also: * boto/boto#1477 * http://stackoverflow.com/a/28749849
This should have been fixed in commit 43217f9, included in boto 2.40.0. Does it work for you now? |
Still an issue in boto 2.48.0 |
It seems s3.generate_url will produce a url with a query parameter x-amz-security-token if the current auth provider has a security token even when passing query_auth=False. This url is totally non-working as it has the x-amz-security-token parameter, but none of the other authentication parameters.
The text was updated successfully, but these errors were encountered: