aws/signer/v4: Correct V4 presign signature to include content sha25 in url

Updates the V4 signer so that when a Presign is generated the
X-Amz-Content-Sha256 header is added to the query string instead of
being required to be in the header. This allows you to generate
presigned URLs for GET requests, e.g. S3.GetObject, that do not require
additional headers to be set by the downstream users of the presigned
URL.

Related to aws#1467
jasdel committed Aug 15, 2017
1 parent 12e649d commit 62cae32
Showing 2 changed files with 11 additions and 4 deletions.
12 changes: 9 additions & 3 deletions aws/request/request.go
Expand Up @@ -269,11 +269,17 @@ func (r *Request) Presign(expireTime time.Duration) (string, error) {
return r.HTTPRequest.URL.String(), nil
}

// PresignRequest behaves just like presign, but hoists all headers and signs them.
// Also returns the signed hash back to the user
// PresignRequest behaves just like presign, with the addition of returning a
// set of headers that were signed.
//
// Returns the URL string for the API operation with signature in the query string,
// and the HTTP headers that were included in the signature. These headers must
// be included in any HTTP request made with the presigned URL.
//
// To prevent hoisting any headers to the query string set NotHoist to true on
// this Request value prior to calling PresignRequest.
func (r *Request) PresignRequest(expireTime time.Duration) (string, http.Header, error) {
r.ExpireTime = expireTime
r.NotHoist = true
r.Sign()
if r.Error != nil {
return "", nil, r.Error
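
Review bot: The `r.NotHoist = true` assignment in the body of PresignRequest appears to be one of the 3 deletions counted for this file (alongside the two old comment lines), which flips the default for existing callers: headers that used to come back in the returned http.Header are now hoisted into the query string unless the caller sets NotHoist beforehand. The new doc comment explains the opt-out but does not say the default changed. Suggest stating the previous behaviour in the comment or changelog, and adding a test that calls PresignRequest with NotHoist both unset and set to true so the returned header set and the query string are pinned.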
3 changes: 2 additions & 1 deletion aws/signer/v4/v4.go
Expand Up @@ -502,6 +502,8 @@ func (ctx *signingCtx) build(disableHeaderHoisting bool) {
ctx.buildTime() // no depends
ctx.buildCredentialString() // no depends

ctx.buildBodyDigest()

unsignedHeaders := ctx.Request.Header
if ctx.isPresign {
if !disableHeaderHoisting {
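
Review bot: The relocated `ctx.buildBodyDigest()` call now has an ordering requirement that is not documented: it must run before the `ctx.isPresign` hoisting block for X-Amz-Content-Sha256 to end up in the query string, yet unlike the `ctx.buildTime() // no depends` and `ctx.buildCredentialString() // no depends` lines just above, it carries no comment. Add a comment on the call saying it must precede header hoisting, so a later cleanup does not move it back next to buildCanonicalHeaders.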
Expand All @@ -513,7 +515,6 @@ func (ctx *signingCtx) build(disableHeaderHoisting bool) {
}
}

ctx.buildBodyDigest()
ctx.buildCanonicalHeaders(ignoredHeaders, unsignedHeaders)
ctx.buildCanonicalString() // depends on canon headers / signed headers
ctx.buildStringToSign() // depends on canon string
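
Review bot: No test accompanies the removal of `ctx.buildBodyDigest()` from just above `ctx.buildCanonicalHeaders(ignoredHeaders, unsignedHeaders)`; both changed files are non-test sources, so nothing guards the new call order. Suggest a signer test that presigns a GET request and asserts X-Amz-Content-Sha256 is present in the URL query, plus a case with disableHeaderHoisting set to true confirming the header stays among the signed headers instead.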