Skip to content

Commit

Permalink
Do not normalize presigned url object keys in s3 (#3156)
Browse files Browse the repository at this point in the history
  • Loading branch information
mullermp authored Dec 12, 2024
1 parent 8518e27 commit 7bf6124
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 2 deletions.
2 changes: 2 additions & 0 deletions gems/aws-sdk-s3/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
Unreleased Changes
------------------

* Issue - Do not normalize object keys when calling `presigned_url` or `presigned_request`.

1.176.0 (2024-12-03)
------------------

Expand Down
1 change: 1 addition & 0 deletions gems/aws-sdk-s3/lib/aws-sdk-s3/presigner.rb
Original file line number Diff line number Diff line change
Expand Up @@ -238,6 +238,7 @@ def sign_but_dont_send(
credentials_provider: context[:sigv4_credentials] || context.config.credentials,
signing_algorithm: scheme_name.to_sym,
uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
normalize_path: !!!auth_scheme['disableNormalizePath'],
unsigned_headers: unsigned_headers,
apply_checksum_header: false
)
Expand Down
21 changes: 19 additions & 2 deletions gems/aws-sdk-s3/spec/presigner_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -189,6 +189,15 @@ def initialize(expiration_time)
expect(url).to match(/x-amz-acl=public-read/)
end

it 'does not normalize object keys' do
url = subject.presigned_url(
:get_object,
bucket: 'aws-sdk',
key: 'foo/../bar'
)
expect(url).to include('foo/../bar')
end

context 'credential expiration' do
let(:credentials) do
credentials_provider_class.new(expiration_time)
Expand Down Expand Up @@ -331,14 +340,22 @@ def initialize(expiration_time)
end

it 'returns x-amz-* headers instead of hoisting to the query string' do
signer = Presigner.new(client: client)
url, headers = signer.presigned_request(
url, headers = subject.presigned_request(
:put_object, bucket: 'aws-sdk', key: 'foo', acl: 'public-read'
)
expect(url).to match(/X-Amz-SignedHeaders=host%3Bx-amz-acl/)
expect(headers).to eq('x-amz-acl' => 'public-read')
end

it 'does not normalize object keys' do
url, = subject.presigned_request(
:get_object,
bucket: 'aws-sdk',
key: 'foo/../bar'
)
expect(url).to include('foo/../bar')
end

context 'credential expiration' do
let(:credentials) do
credentials_provider_class.new(expiration_time)
Expand Down

0 comments on commit 7bf6124

Please sign in to comment.