-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SignatureDoesNotMatch when using virtual_host option #938
Comments
I've tested this same code omitting the virtual_host parameter, and everything works as expected. (Unfortunately the virtual host is essential for my application as otherwise CORS kicks in and breaks everything.) |
Found the issue. The url being used for creating the signature starts with https:// rather than http:// |
Good catch. I want to do some additional testing before I merge this. I suspect that http is only necessary if the bucket name contains dots. |
I think the bucket name will always contain dots when it's being used with a CNAME for static web hosting. as the bucket name is require to be the same as the domain name it is serving. I'm not sure if this bit of code is used for other applications. |
Good point! The code is only used when virtual hosting, so using http seems to be the only sensible approach. |
I'm trying to use 2.1.23 to generate a presigned url for an item in an s3 bucket with a custom domain name.
Let's say the bucket's name is stuff.example.com and that there is a cname configured so that if you go to http://stuff.example.com/some-uuid/index.html you get a stack website.
This is all working, however I would like to turn on some security via the presigned_url feature.
My code is as follows:
The result is: http://stuff.example.com/some-uuid/indexAPI.html?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=MYKEY%2F20150929%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20150929T192323Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=718d7d44e3286266cc0cfd7b303f60c63df7425bea4952632816ee4491b6452a
And when I try it in a browser I get this:
SignatureDoesNotMatch --
The request signature we calculated does not match the signature you provided. Check your key and signing method.
The text was updated successfully, but these errors were encountered: