presigned_url always adds content-type to signed headers #3027

Closed
xanderman opened this issue May 16, 2024 · 3 comments
Labels
guidance Question that needs advice or information.

Comments

@xanderman

Describe the bug

Starting in aws-sdk-core 3.192.0, the behavior of presigned_url changed to always add content-type as a signed header even when it is not specified in the params. We don't know ahead of time what type of file will be uploaded, so need to allow anything. I don't even know what content-type is expected, since I didn't specify one in the presigned_url call. This breaks our uploads, and is preventing me from upgrading aws-sdk gems.

Expected Behavior

Prior to 3.192.0, presigned_url(:put, { acl: 'bucket-owner-full-control', server_side_encryption: 'AES256', expires_in: 600 }) would return a URL with X-Amz-SignedHeaders=host.

Current Behavior

Starting with 3.192.0, presigned_url(:put, { acl: 'bucket-owner-full-control', server_side_encryption: 'AES256', expires_in: 600 }) returns a URL with X-Amz-SignedHeaders=content-type;host.

Reproduction Steps

presigned_url(:put, { acl: 'bucket-owner-full-control', server_side_encryption: 'AES256', expires_in: 600 })

Possible Solution

No response

Additional Information/Context

I've tried setting various values for content_type: in the params hash (nil, '', '*') but none of them remove content-type from the signed headers, or allow arbitrary uploads.

Gem name ('aws-sdk', 'aws-sdk-resources' or service gems like 'aws-sdk-s3') and its version

aws-sdk-core

Environment details (Version of Ruby, OS environment)

Ruby 3.2.2. I'm on an M1 Mac, but this also happens in our docker image which is slim-bookworm.

@xanderman xanderman added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 16, 2024
@mullermp
Contributor

Thanks for opening an issue. Are you using the latest aws-sdk-s3? I believe that gem was updated to remove content type for presigned url in this case.

https://github.com/aws/aws-sdk-ruby/blob/version-3/gems%2Faws-sdk-s3%2Flib%2Faws-sdk-s3%2Fpresigner.rb#L202

@mullermp mullermp added guidance Question that needs advice or information. and removed bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 17, 2024
@xanderman
Author

You are absolutely right. Thanks for your help, and sorry for the pointless bug report. I have too many dependabot PRs. I could have sworn I ran my tests in all of them, but obviously I missed the one with the aws-sdk-s3 update, because it works in that one. Thanks!

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
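
Why content-type in X-Amz-SignedHeaders breaks uploads of unknown type, as an added example that is not part of this thread or the SDK's code: a stdlib-only SigV4 query presigner and verifier, narrowed to PUT with UNSIGNED-PAYLOAD and no expiry check. The credentials, host, timestamp and all function names are constructed for illustration, and request header names are assumed to be lowercase already.

```ruby
require 'openssl'

# Constructed sample values: not real credentials, bucket, or timestamp.
ACCESS_KEY = 'AKIDEXAMPLE'
SECRET_KEY = 'constructed-secret-for-illustration'
REGION = 'us-east-1'
HOST = 'example-bucket.s3.amazonaws.com'
STAMP = '20240516T000000Z'
SCOPE = "#{STAMP[0, 8]}/#{REGION}/s3/aws4_request"

# RFC 3986 percent-encoding, as SigV4 requires for query keys and values.
def enc(str)
  str.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format('%%%02X', b) }.join }
end

# SigV4 signature covering the method, path, query and ONLY the headers named in `signed`.
def signature(path, query, headers, signed)
  canon_query = query.sort.map { |k, v| "#{enc(k)}=#{enc(v)}" }.join('&')
  canon_hdrs = signed.map { |h| "#{h}:#{headers.fetch(h, '').strip}\n" }.join
  request = ['PUT', path, canon_query, canon_hdrs, signed.join(';'), 'UNSIGNED-PAYLOAD'].join("\n")
  to_sign = ['AWS4-HMAC-SHA256', STAMP, SCOPE, OpenSSL::Digest::SHA256.hexdigest(request)].join("\n")
  # Key derivation chain: date -> region -> service -> "aws4_request".
  key = SCOPE.split('/').reduce("AWS4#{SECRET_KEY}") { |k, part| OpenSSL::HMAC.digest('sha256', k, part) }
  OpenSSL::HMAC.hexdigest('sha256', key, to_sign)
end

# Client side: presign a PUT, binding the given lowercase headers into the signature.
# Returns the query parameters of the presigned URL as a hash.
def presign_put(key, bound_headers = {})
  headers = { 'host' => HOST }.merge(bound_headers)
  query = { 'X-Amz-Algorithm' => 'AWS4-HMAC-SHA256', 'X-Amz-Credential' => "#{ACCESS_KEY}/#{SCOPE}",
            'X-Amz-Date' => STAMP, 'X-Amz-Expires' => '600',
            'X-Amz-SignedHeaders' => headers.keys.sort.join(';') }
  query.merge('X-Amz-Signature' => signature("/#{key}", query, headers, headers.keys.sort))
end

# Service side: recompute the signature from the headers the request actually carries.
# A signed header that is missing or has a different value changes the result.
def accepts?(key, query, request_headers)
  signed = query['X-Amz-SignedHeaders'].split(';')
  unsigned = query.reject { |k, _| k == 'X-Amz-Signature' }
  OpenSSL.secure_compare(signature("/#{key}", unsigned, request_headers, signed), query['X-Amz-Signature'])
end
```

A URL signed with only host accepts any Content-Type the uploader sends; once content-type is signed, the upload must carry exactly the value that was signed.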
