Support for custom signed headers as part of Presign URLs

[leungster]

I'm trying to generate Presigned URLs that require the user to provide matching headers upon usage. The current PresignXXX methods don't allow me to specify extra headers that should be part of the signature.

ReqParams aren't sufficient because the value of the params are included in the returned presign URL. Whereas with headers, only the header key is returned.

[harshavardhana]

MinIO SDK is not designed for this use @leungster what is the real purpose of using presigned URLs? - you should use AssumeRole with STS credentials of generating odd presigned URLs

[leungster]

Thanks for the quick reply. Our use case is to add some extra guardrails that the URL is only accessible by the requestor. If the URL were to be copied/passed around, we'd want the header to also be supplied. The value we were going to use is already being rotated / revokable.

The AWS SDK appears to support this capability but the MinIO one has cleaner abstractions for the other use cases we have.
Feel free to close if this is out of scope for MinIO.

[harshavardhana]

The AWS SDK appears to support this capability but the MinIO one has cleaner abstractions for the other use cases we have.

Can you provide examples where AWS SDK provides this?

[leungster]

This is what the AWS SDK would look like.

	svc := s3.New(sess)
	req, _ := svc.PutObjectRequest(&s3.PutObjectInput{
		Bucket: aws.String("bucket"),
		Key:    aws.String("key"),
	})
	req.HTTPRequest.Header.Add("my-header", "value")
	url, _ := req.Presign(1 * time.Minute)