发表新帖
发表新帖

Why is my S3 pre-signed request invalid when I set a response header override that contains a “+”?

后端 未结
关注
2 969
刺人心
刺人心 2020-12-19 08:23

I\'m using the Amazon .NET SDK to generate a pre-signed URL like this:

public System.Web.Mvc.ActionResult AsActionResult(string contentType, string contentDi
相关标签:
2条回答
  • 故里飘歌
    2020-12-19 09:04

    Update

    This bug has been fixed as of Version 1.4.1.0 of the SDK.

    Workaround

    This is a confirmed bug in the AWS SDK, so until they issue a fix I'm going with this hack to make things work:

    Specify the content type exactly how you want it to look like in the response header. So, if you want S3 to return a content type of image/svg+xml, set it exactly like this:

    ResponseHeaderOverrides headerOverrides = new ResponseHeaderOverrides();
headerOverrides.ContentType = "image/svg+xml";

    Now, go ahead and generate the pre signed request as usual:

    GetPreSignedUrlRequest request = new GetPreSignedUrlRequest()
  .WithBucketName(bucketName)
  .WithKey(objectKey)
  .WithProtocol(Protocol.HTTPS)
  .WithExpires(DateTime.Now.AddMinutes(6))
  .WithResponseHeaderOverrides(headerOverrides);

string url = S3Client.GetPreSignedURL(request);

    Finally, "fix" the resulting URL with the properly URL encoded value for your content type:

    url = url.Replace(contentType, HttpUtility.UrlEncode(contentType));

    Yes, it's a dirty workaround but, hey, it works for me! :)

    0 讨论(0)
  • 甜味超标
    2020-12-19 09:22

    Strange indeed - I've been able reproduce this easily, with the following observed behavior:

    • replacing + in the the URL generated by GetPreSignedURL() with its encoded form %2B yields a working URL/signature
      • this holds true, no matter whether / is replaced with its encoded form %2F or not
    • encoding the contentType upfront before calling GetPreSignedURL(), e.g. via the HttpUtility.UrlEncode Method, yields invalid signatures regardless of any variation of the generated URL

    Given how long this functionality is available already, this is somewhat surprising, but I'd still consider it to be a bug - accordingly it might be best to inquiry about this in the Amazon Simple Storage Service forum.
    Update: I just realized you asked the same question there already and the bug got confirmed indeed, so the correct answer can be figured out over time by monitoring the AWS team response ;)
    Update: This bug has been fixed as of Version 1.4.1.0 of the SDK.

    0 讨论(0)
 看不清?
提交回复
热议问题