Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(s3-request-presigner): skip hoisting SSE headers #1701

Merged
merged 3 commits into from
Nov 23, 2020

Conversation

AllanZhengYP
Copy link
Contributor

Issue #, if available:
fix: #1576

Description of changes:
When signature-v4 generate a presigned url, it will try to hoist the headers to query strings, so these headers will exist in the url, hense easy to use. However, S3 requres server-side encryption headers to be signed in headers due to S3 limitation. So this change solve the issue by 2 changes:

  1. Add a new config to the signature-v4 presign config unhoistableHeaders. The presigner won't hoist the given headers to query before presign it.
  2. In s3-request-presigner, it detects all the server-side encryption headers, and supply them to the unhoistableHeaders config of the presigner.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@AllanZhengYP AllanZhengYP requested a review from trivikr November 19, 2020 23:07
Copy link
Contributor

@vecerek vecerek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW, I think this PR is great 🙂 Thank you so much for the fix!

packages/s3-request-presigner/README.md Outdated Show resolved Hide resolved
packages/types/src/signature.ts Outdated Show resolved Hide resolved
@codecov-io
Copy link

codecov-io commented Nov 20, 2020

Codecov Report

Merging #1701 (94e7b4c) into master (de75f7e) will decrease coverage by 0.00%.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1701      +/-   ##
==========================================
- Coverage   79.77%   79.77%   -0.01%     
==========================================
  Files         325      329       +4     
  Lines       12087    12578     +491     
  Branches     2553     2672     +119     
==========================================
+ Hits         9643    10034     +391     
- Misses       2444     2544     +100     
Impacted Files Coverage Δ
...tocol_tests/aws-restxml/commands/XmlMapsCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
...ocol_tests/aws-restxml/commands/XmlBlobsCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
...ocol_tests/aws-restxml/commands/XmlEnumsCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
...ocol_tests/aws-restxml/commands/XmlListsCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
...col_tests/aws-restjson/commands/JsonMapsCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
...ol_tests/aws-restjson/commands/JsonBlobsCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
...ol_tests/aws-restjson/commands/JsonEnumsCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
...ol_tests/aws-restjson/commands/JsonListsCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
...tests/aws-restxml/commands/XmlAttributesCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
...tests/aws-restxml/commands/XmlNamespacesCommand.ts 95.65% <0.00%> (-4.35%) ⬇️
... and 111 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2cb016f...94e7b4c. Read the comment docs.

Co-authored-by: Attila Večerek <[email protected]>
Copy link
Contributor

@alexforsyth alexforsyth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@AllanZhengYP AllanZhengYP merged commit 1ec70ff into aws:master Nov 23, 2020
@github-actions
Copy link

github-actions bot commented Jan 9, 2021

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 9, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Cannot upload files via a pre-signed URL to buckets with enforced server-side-encryption
4 participants