Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OPTIONS requests on presigned URL's wrongly check signature, causing failure for client-side requests #411

Closed
mmezei opened this issue Mar 23, 2022 · 8 comments
Closed

OPTIONS requests on presigned URL's wrongly check signature, causing failure for client-side requests #411

mmezei opened this issue Mar 23, 2022 · 8 comments

Comments

@mmezei
Copy link
Contributor

mmezei commented Mar 23, 2022
edited
Loading

When a browser based application uses a pre-signed URL to s3proxy (typically generated by its API), it would issue a CORS preflight OPTIONS request first. This request wrongly causes the entire operation to fail as browser does not include content-md5 and x-amz-acl headers that are required for successful signature validation. The OPTIONS request failure is a SignatureDoesNotMatch error. Amazon and Digital Ocean do not check the signature on a preflight OPTIONS request. I was able to see this by sending them a request with a bogus signature..
@rajivml
Copy link

rajivml commented Jan 18, 2023

@mmezei were you able to get pass this issue? am running into a similar issue

@mmezei
Copy link
Contributor Author

mmezei commented Jan 18, 2023 via email

@gaul
Copy link
Owner

gaul commented Jan 19, 2023

Sorry I don't know much about CORS. @snoe925 is this something you could look at?

@mmezei Any reason you are maintaining a fork instead of merging fixes upstream? Switch-TV@9786ab0 seems like a plausible fix.

@mmezei
Copy link
Contributor Author

mmezei commented Jan 19, 2023 via email

@rajivml
Copy link

rajivml commented Jan 19, 2023

thanks @mmezei , this works

@rajivml rajivml mentioned this issue Jan 19, 2023
Open
@daveanderson
Copy link

Is this Switch-TV@9786ab0 fix something that can be applied and included in a release? (I'd rather not run have to run a fork)

@Wamy-Dev
Copy link

Wamy-Dev commented Feb 7, 2024

this is still an issue for me. Any possibility of a fix @gaul ?

@gaul gaul closed this as completed in 6bb0250 Feb 7, 2024
@gaul
Copy link
Owner

gaul commented Feb 7, 2024

I cherry-picked this but please just submit pull requests in the future.

gaul pushed a commit that referenced this issue Feb 7, 2024
@mmezei @gaul
Remove tests that expect signature failure on OPTIONS preflight
435eb37 
References #411.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@gaul @daveanderson @mmezei @Wamy-Dev @rajivml