SignatureDoesNotMatch when using virtual_host option #938

Closed
acolchagoff opened this issue Sep 29, 2015 · 5 comments

@acolchagoff
Contributor

I'm trying to use 2.1.23 to generate a presigned url for an item in an s3 bucket with a custom domain name.
Let's say the bucket's name is stuff.example.com and that there is a CNAME configured so that if you go to http://stuff.example.com/some-uuid/index.html you get a static website.
This is all working, however I would like to turn on some security via the presigned_url feature.

My code is as follows:

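  require 'aws-sdk'
  require 'active_support/core_ext/numeric/time' # provides 1.day

  # Returns a presigned GET URL that uses the bucket name as the host name.
  def get_object_url(bucket_name, object_name)
    res = Aws::S3::Resource.new
    res.bucket(bucket_name)
       .object(object_name)
       .presigned_url(:get, expires_in: 1.day, virtual_host: true)
  end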

The result is: http://stuff.example.com/some-uuid/indexAPI.html?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=MYKEY%2F20150929%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20150929T192323Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=718d7d44e3286266cc0cfd7b303f60c63df7425bea4952632816ee4491b6452a

And when I try it in a browser I get this:

SignatureDoesNotMatch --
The request signature we calculated does not match the signature you provided. Check your key and signing method.

@acolchagoff changed the title from "SignatureDoesNotMatch -- The request signature we calculated does not match the signature you provided. Check your key and signing method." to "SignatureDoesNotMatch when using virtual_host option" on Sep 29, 2015
@acolchagoff
Contributor Author

I've tested this same code omitting the virtual_host parameter, and everything works as expected. (Unfortunately the virtual host is essential for my application as otherwise CORS kicks in and breaks everything.)

@acolchagoff
Contributor Author

Found the issue. The url being used for creating the signature starts with https:// rather than http://

@trevorrowe
Member

Good catch. I want to do some additional testing before I merge this. I suspect that http is only necessary if the bucket name contains dots.

@acolchagoff
Contributor Author

I think the bucket name will always contain dots when it's being used with a CNAME for static web hosting, as the bucket name is required to be the same as the domain name it is serving. I'm not sure if this bit of code is used for other applications.

@trevorrowe
Member

Good point! The code is only used when virtual hosting, so using http seems to be the only sensible approach.
