Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[AWS::S3] Support for custom query parameters in presigned URLs #1384

Closed
dougal opened this issue Jan 5, 2017 · 4 comments
Closed

[AWS::S3] Support for custom query parameters in presigned URLs #1384

dougal opened this issue Jan 5, 2017 · 4 comments
Labels
feature-request A feature should be added or improved.

Comments

@dougal
Copy link

dougal commented Jan 5, 2017

Proposal for Feature

I would propose to allow, and to add to the signed parameters, any parameter which begins with an x-, but not x-aws. This allows custom parameters, while preventing collision with any of the AWS parameters.

Example:

signer = Aws::S3::Presigner.new
url = signer.presigned_url(:get_object, bucket: "bucket", key: "key", { 'x-foo' => 'bar' })

Use Case

I wish to add a custom parameter to those which are used to create the signature. This would allow the identification of individual URLs in the S3 access logs, allowing us to assert whether or not a user has successfully completed download of a file.

What We've Tried

We tried adding various keys to the params argument of the Aws::S3::Presigner#presigned_url, all of which cause the parameter checking to raise an error.

It appears that only the following keys are allowed by the parameter checking:

bucket
if_match
if_modified_since
if_none_match
if_unmodified_since
key
range
response_cache_control
response_content_disposition
response_content_encoding
response_content_language
response_content_type
response_expires
version_id
sse_customer_algorithm
sse_customer_key
sse_customer_key_md5
request_payer
part_number

Notes

I had a look at types.rb in the aws-sdk-core gem. It appears that the definition of GetObjectRequest would not allow such custom fields to be defined. I am therefor not sure how such a feature would be implemented. Perhaps someone more familiar with the code could suggest an implementation.
@awood45 awood45 added feature-request A feature should be added or improved. Version 2 labels Jan 5, 2017
@awood45
Copy link
Member

awood45 commented Jan 5, 2017

So, this sounds like this boils down to adding custom signed headers to a presigned URL, that are unrelated to the S3 call itself, is that right?

@dougal
Copy link
Author

dougal commented Jan 6, 2017

Custom signed query parameters, as opposed to headers, but yes.

Example:

"https://examplebucket.s3.amazonaws.com/test.txt"\
"?x-foo=bar"\
"&X-Amz-Algorithm=AWS4-HMAC-SHA256"\
"&X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%2F20130524%2F"\
"us-east-1%2Fs3%2Faws4_request"\
"&X-Amz-Date=20130524T000000Z&X-Amz-Expires=86400"\
"&X-Amz-SignedHeaders=host"\
"&X-Amz-Signature=aeeed9bbccd4d02ee5c0109b86d86835f995330da4c26595"\
"7d157751f604d404"

@cjyclaire cjyclaire mentioned this issue Apr 5, 2017
Closed
@cjyclaire
Copy link
Contributor

PR #1477 is opened that supports this feature, tracking this feature request in that PR : )
Closing, feel free to chime in that PR with comments : )

@gotoAndBliss
Copy link

That PR request looked like it was for JS. Is there anything for Ruby on this?

We create URL's that lead to applets that use the parameter data to seed their responses ( such as the user_id, endpoint, etc. ).

Since we've upgraded to V3, this breaks with AuthorizationQueryParametersError as we are augmenting the presigner URL after initialization. Is there any way to seed this data into the URL upon creation?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request A feature should be added or improved.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@dougal @gotoAndBliss @awood45 @cjyclaire