Trouble with presigned url

[loto]

Hello,

I've been using the presigned url feature for a few month, I updated my gem from 2.0.30 to 2.0.42 and encountered a strange issue : the presigned urls were no longer valid.

Error message:

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>__ACCESS_KEY__</AWSAccessKeyId><StringToSign>AWS4-HMAC-SHA256
20150515T204834Z
20150515/us-east-1/s3/aws4_request
ed59f97bdef91cdda961ab6d566152a3ac2368770a95a6b5ee834426efe6b9ed</StringToSign><SignatureProvided>8e6d6c9124b7bebc4baee71680adc2d4ca9702e30c75a4a4f403b869b3d65e32</SignatureProvided><StringToSignBytes>__BYTES__</StringToSignBytes><CanonicalRequest>PUT
/replays/game_1.gzip
X-Amz-Algorithm=AWS4-HMAC-SHA256&amp;X-Amz-Credential=__CREDENTIALS__%2F20150515%2Fus-east-1%2Fs3%2Faws4_request&amp;X-Amz-Date=20150515T204834Z&amp;X-Amz-Expires=210&amp;X-Amz-SignedHeaders=host%3Bx-amz-acl%3Bx-amz-storage-class
host:project-name.s3.amazonaws.com
x-amz-acl:
x-amz-storage-class:

host;x-amz-acl;x-amz-storage-class
UNSIGNED-PAYLOAD</CanonicalRequest><CanonicalRequestBytes>__BYTES__</CanonicalRequestBytes><RequestId>98B201AA2F17B09A</RequestId><HostId>YusAhaL/oCcE4XG6ZMTTeMnObV50GFA9x+kcFN555+Al5/acWwVmhqxp8cMhzeCb</HostId></Error>

As you can see, the headers "x-amz-acl" & "x-amz-storage-class" are empty.

I rollbacked to the previous version (2.0.30) and everything was ok again.

Am I suppose to update something in my code before upgrading to 2.0.42?
Or is it an actual bug?

Thank you!

[awood45]

I can't recreate this issue in 2.0.42.

Can you tell me a bit more about what you are trying to do?

[loto]

Our mobile app works with an API, the app request URL from the server and upload files on S3. So far it worked perfectly.

[awood45]

Have you taken a look at Presigned Post? If you're doing this via any kind of form, that could be a better choice. In any case, I can't identify anything that has changed and I seem to be able to successfully run presigned requests.

If you can isolate a small code example that breaks, that could help.

[loto]

We're not using any form, this is why we choose this approach in the first place. Here's a more detailed example of what we're doing:

• the app needs to save a log file on S3, it sends a request to the API which returns a presigned url and a unique file name
• the app renames the file and uploads it on S3

Does it help anyhow?

[trevorrowe]

There was definitely a change to the pre-signed URL implementation were request headers were no-longer being hoisted to the query string.

My understanding is that these values are ignored by Amazon S3 if they are sent in the querystring and not sent as request headers. The change was to be a bug-fix not move them to query params and leave them as headers when generating the signature for the pre-signed URLs.

As a result of this, you must send those values as headers when you make the pre-signed request. I'm going to go back and verify this is correct and I'll update here with more information.

[trevorrowe]

Thanks for reporting the issue. This fix will go out with our next release.