Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws/signer/v4: Fix presign hoisting for x-amz-tagging header #1017

Merged
merged 3 commits into from
Jan 5, 2021
Merged

aws/signer/v4: Fix presign hoisting for x-amz-tagging header #1017

merged 3 commits into from
Jan 5, 2021

Conversation

jasdel
Copy link
Contributor

@jasdel jasdel commented Jan 5, 2021

The x-amz-tagging header should not be hoisted to the query string and must be sent as a signed header. If the value is hoisted to the query string in a presigned Put, it is ignored by Amazon S3.

Fixes #1016

@jasdel
aws/signer/v4: Fix presign hoisting for x-amz-tagging header
58b5431 
The x-amz-tagging header should not be hoisted to the query string and
must be sent as a signed header. If the value is hoisted to the query
string in a presigned Put, it is ignored by Amazon S3.
@jasdel
update gohash
352d84a
@jasdel
regenerate apis
1521c3d
skotambkar
skotambkar reviewed Jan 5, 2021
View reviewed changes
aws/signer/internal/v4/headers.go
@@ -53,6 +53,7 @@ var RequiredSignedHeaders = Rules{
"X-Amz-Storage-Class": struct{}{},
"X-Amz-Website-Redirect-Location": struct{}{},
"X-Amz-Content-Sha256": struct{}{},
"X-Amz-Tagging": struct{}{},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. Is this a valid change for any other rest based service apart from s3 which use this Header?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah this would be valid for all other services, as not hoisting headers is valid approach. In addition S3 is the only service that sends this header for a presigned url.

@jasdel jasdel merged commit 7a98dae into main Jan 5, 2021
@jasdel jasdel deleted the jasdel/fixup/S3TaggingPresign branch January 5, 2021 20:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skmcgrail skmcgrail skmcgrail approved these changes

@skotambkar skotambkar skotambkar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

service/s3: presigned PutObject with Tagging set does not add tagging to object in S3 bucket.
3 participants
@jasdel @skmcgrail @skotambkar