Why is my S3 pre-signed request invalid when I set a response header override that contains a “+”?

Question

I\'m using the Amazon .NET SDK to generate a pre-signed URL like this:

public System.Web.Mvc.ActionResult AsActionResult(string contentType, string contentDi         


        

Answer 1

Strange indeed - I've been able reproduce this easily, with the following observed behavior:

• replacing + in the the URL generated by GetPreSignedURL() with its encoded form %2B yields a working URL/signature
  • this holds true, no matter whether / is replaced with its encoded form %2F or not
• encoding the contentType upfront before calling GetPreSignedURL(), e.g. via the HttpUtility.UrlEncode Method, yields invalid signatures regardless of any variation of the generated URL

Given how long this functionality is available already, this is somewhat surprising, but I'd still consider it to be a bug - accordingly it might be best to inquiry about this in the Amazon Simple Storage Service forum.
Update: I just realized you asked the same question there already and the bug got confirmed indeed, so the correct answer can be figured out over time by monitoring the AWS team response ;)
Update: This bug has been fixed as of Version 1.4.1.0 of the SDK.