AWS signatures v4: don't actually check Content-Type is signed #745

Merged

lx merged 1 commits from fix-signed-headers into main

2024-03-01 12:50:16 +00:00

Author	SHA1	Message	Date
Alex	a36248a169	[fix-signed-headers] aws signatures v4: don't actually check Content-Type is signed ci/woodpecker/push/debug Pipeline was successful Details ci/woodpecker/pr/debug Pipeline was successful Details This page of the AWS docs indicate that Content-Type should be part of the CanonicalHeaders (and therefore SignedHeaders) strings in signature calculation: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html However, testing with Minio Client revealed that it did not sign the Content-Type header, and therefore we broke CI by expecting it to be signed. With this commit, we don't mandate Content-Type to be signed anymore, for better compatibility with the ecosystem. Testing against the official behavior of S3 on AWS has not been done.	2024-03-01 13:12:18 +01:00

Author

SHA1

Message

Date

Alex

a36248a169

[fix-signed-headers] aws signatures v4: don't actually check Content-Type is signed

ci/woodpecker/push/debug Pipeline was successful Details

ci/woodpecker/pr/debug Pipeline was successful Details

This page of the AWS docs indicate that Content-Type should be part of
the CanonicalHeaders (and therefore SignedHeaders) strings in signature
calculation:

https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html

However, testing with Minio Client revealed that it did not sign the
Content-Type header, and therefore we broke CI by expecting it to be
signed. With this commit, we don't mandate Content-Type to be signed
anymore, for better compatibility with the ecosystem. Testing against
the official behavior of S3 on AWS has not been done.

2024-03-01 13:12:18 +01:00

AWS signatures v4: don't actually check Content-Type is signed #745

1 Commits