fix: do not sign Content-Length/Content-Type on bodyless DELETE requests#467
fix: do not sign Content-Length/Content-Type on bodyless DELETE requests#467eldon-databanx wants to merge 1 commit into
Conversation
A DELETE has no body, so rust-s3 signed content-length: 0 and content-type: text/plain while the HTTP client never transmitted those headers. AWS S3 tolerates the discrepancy; Cloudflare R2 enforces SigV4 strictly and rejects every DELETE with 403 SignatureDoesNotMatch, making object deletion on R2 impossible. Skip the two headers for all bodyless DELETE commands: DeleteObject, DeleteObjectTagging, AbortMultipartUpload, DeleteBucket, DeleteBucketCors and DeleteBucketLifecycle. Fixes durch#466
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThis PR modifies ChangesHeader Construction Fix
Estimated code review effort: 1 (Trivial) | ~5 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Brownian Motion (Brass)Recommendation: Proceed Summary: Fixes R2 DELETE signatures by omitting headers clients never send Highlights
Unknowns
Next actions
Reflection questions
|
|
I believe #452 also includes a (more general) fix. |
1 similar comment
|
I believe #452 also includes a (more general) fix. |
Fixes #466.
Problem
headers()inrequest_trait.rsfalls through to the catch-all arm for DELETE commands and insertsContent-Length: 0andContent-Type: text/plaininto the signed header map. Since a DELETE has no body, the HTTP client never actually transmits those headers, so the canonical request signed by rust-s3 differs from the one the server reconstructs.AWS S3 tolerates the discrepancy, which is why this goes unnoticed there. Cloudflare R2 enforces SigV4 strictly and rejects every DELETE with
403 SignatureDoesNotMatch— PUT/GET/HEAD work fine, but no object can ever be deleted on R2.Fix
Skip inserting
Content-Length/Content-Typefor all bodyless DELETE commands:DeleteObject,DeleteObjectTagging,AbortMultipartUpload,DeleteBucket,DeleteBucketCorsandDeleteBucketLifecycle. (DeleteObjectsis a POST with an XML body and keeps its headers.)Testing
Verified in production against Cloudflare R2 (Stalwart mail server, which had been unable to purge any blob on R2): with this patch,
delete_objectsucceeds — a backlog of ~2.8k objects that had been failing withSignatureDoesNotMatchwas deleted without a single error. Behaviour against AWS S3 is unchanged, since the headers were no-ops there.This change is
Summary by CodeRabbit
Content-LengthorContent-Typeheaders.