S3 Presigned Put URL With SSE Regression #1556

Closed
mcgalcode opened this issue Jul 22, 2017 · 1 comment

mcgalcode commented Jul 22, 2017

I am experiencing behavior outlined in this issue using the most recent version Release v2.10.15 - 2017-07-20 of the SDK.

Specifically, I am generating presigned PUT URLs with the `#presigned_url` method and passing it the `server_side_encryption: "AES256"` option and the `acl: "private"` option.

This is generating URLs with this parameter in the query string:

X-Amz-SignedHeaders\=host\&x-amz-acl\=private\&x-amz-server-side-encryption\=AES256\

These URLs return an error with "unsigned header present" in the message when I include the x-amz-server-side-encryption and the header in my request to the URL.

<Message>There were headers present in the request which were not signed</Message>
<HeadersNotSigned>x-amz-server-side-encryption,x-amz-acl</HeadersNotSigned>

If it's helpful, the same options passed to the Java SDK result in a query string with that same parameter formatted this way:

X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption%3Bx-amz-acl

The URL with the above formatting works as expected.

This suggests to me that including that parameter somehow breaks the presigning algorithm.

@cjyclaire
Contributor

Appreciate the feedback! So this is the same issue as in the reference. Long story short, it's an issue on the S3 side: S3 should have checked the query string only, yet it's still checking both signed headers and headers in the request.

However, fixing that will break existing customers. The querystring itself doesn't have a problem; a temporary workaround would be using the aws-sigv4 gem as mentioned in the issue (it allows custom header signing and headers in requests). Also I'll count your feedback as a +1 for the enhancement in the S3 presign feature : )

Tracked in the feature backlog, closing.
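A pre-flight check for the mismatch discussed in this thread, as an added example that is not code from the SDK or from either commenter: it reads `X-Amz-SignedHeaders` from a presigned URL and lists the `x-amz-*` headers a PUT would send that the signature does not cover. The helper names, bucket and key are hypothetical, and the sample URLs are constructed from the two query-string shapes quoted above.

```ruby
require 'uri'

# Return the lowercase header names listed in a presigned URL's
# X-Amz-SignedHeaders query parameter (";"-separated once URL-decoded).
def signed_headers(presigned_url)
  query = URI.parse(presigned_url).query.to_s
  params = URI.decode_www_form(query).to_h
  params.fetch('X-Amz-SignedHeaders', '').downcase.split(';')
end

# Return the x-amz-* request headers that the URL's signature does not cover.
# Assumption: as in the error quoted in the issue, S3 rejects the request
# when this list is non-empty; other headers are ignored by this check.
def headers_not_signed(presigned_url, request_headers)
  signed = signed_headers(presigned_url)
  request_headers.keys.map { |h| h.to_s.downcase }
                 .select { |h| h.start_with?('x-amz-') }
                 .reject { |h| signed.include?(h) }
end

# Constructed sample URLs: bucket and key are placeholders, and the
# remaining SigV4 query parameters are omitted for brevity.
RUBY_STYLE_URL = 'https://example-bucket.s3.amazonaws.com/key' \
  '?X-Amz-SignedHeaders=host&x-amz-acl=private' \
  '&x-amz-server-side-encryption=AES256'
JAVA_STYLE_URL = 'https://example-bucket.s3.amazonaws.com/key' \
  '?X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption%3Bx-amz-acl'

# Headers the client intends to send with the PUT (constructed).
PUT_HEADERS = {
  'x-amz-server-side-encryption' => 'AES256',
  'x-amz-acl' => 'private',
  'Content-Type' => 'text/plain'
}.freeze

if __FILE__ == $PROGRAM_NAME
  # First URL: both x-amz-* headers are reported as unsigned.
  p headers_not_signed(RUBY_STYLE_URL, PUT_HEADERS)
  # Second URL: nothing is reported, the headers are in the signed list.
  p headers_not_signed(JAVA_STYLE_URL, PUT_HEADERS)
end
```

Running the check before issuing the PUT shows whether the headers must be dropped from the request or the URL regenerated with those headers signed.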
