From b23623f1cda3edfee3cb99e3f6ad9b1f921b588a Mon Sep 17 00:00:00 2001 From: Josh Schneier Date: Fri, 23 Jun 2017 00:32:56 -0400 Subject: [PATCH] Revert default AWS_S3_SIGNATURE_VERSION --- docs/backends/amazon-S3.rst | 34 ++++++++++++++++++++-------------- storages/backends/s3boto3.py | 2 +- 2 files changed, 21 insertions(+), 15 deletions(-) diff --git a/docs/backends/amazon-S3.rst b/docs/backends/amazon-S3.rst index 7689b6ce6..0e2aef2dd 100644 --- a/docs/backends/amazon-S3.rst +++ b/docs/backends/amazon-S3.rst @@ -14,9 +14,11 @@ for the forseeable future. For historical completeness an extreme legacy backend was removed in version 1.2 -If using the boto backend it is recommended that you configure it to also use -`AWS Signature Version 4`_. This can be done by adding ``S3_USE_SIGV4 = True`` to -your settings and setting the ``AWS_S3_HOST`` configuration option. +If using the boto backend on a new project (not recommended) it is recommended +that you configure it to also use `AWS Signature Version 4`_. This can be done +by adding ``S3_USE_SIGV4 = True`` to your settings and setting the ``AWS_S3_HOST`` +configuration option. For regions created after January 2014 this is your only +option if you insist on using the boto backend. Settings -------- @@ -53,7 +55,6 @@ Available are numerous settings. It should be especially noted the following: ``AWS_HEADERS`` (optional - boto only, for boto3 see ``AWS_S3_OBJECT_PARAMETERS``) If you'd like to set headers sent with each file of the storage:: - # see http://developer.yahoo.com/performance/rules.html#expires AWS_HEADERS = { 'Expires': 'Thu, 15 Apr 2010 20:00:00 GMT', 'Cache-Control': 'max-age=86400', 
@@ -67,9 +68,9 @@ Available are numerous settings. It should be especially noted the following: } ``AWS_QUERYSTRING_AUTH`` (optional; default is ``True``) - Setting ``AWS_QUERYSTRING_AUTH`` to ``False`` removes `query parameter - authentication`_ from generated URLs. This can be useful if your S3 buckets are - public. + Setting ``AWS_QUERYSTRING_AUTH`` to ``False`` to remove query parameter + authentication from generated URLs. This can be useful if your S3 buckets + are public. ``AWS_QUERYSTRING_EXPIRE`` (optional; default is 3600 seconds) The number of seconds that a generated URL is valid for. @@ -83,8 +84,13 @@ Available are numerous settings. It should be especially noted the following: ``AWS_S3_HOST`` (optional - boto only, default is ``s3.amazonaws.com``) To ensure you use `AWS Signature Version 4`_ it is recommended to set this to the host of your bucket. See the - `mapping of region to endpoint names`_ to figure out the appropriate endpoint for your bucket. Also be sure to - add ``S3_USE_SIGV4 = True`` to settings.py + `S3 region list`_ to figure out the appropriate endpoint for your bucket. Also be sure to add + ``S3_USE_SIGV4 = True`` to settings.py + + .. note:: + + The signature versions are not backwards compatible so be careful about url endpoints if making this change + for legacy projects. ``AWS_LOCATION`` (optional: default is `''`) A path prefix that will be prepended to all uploads 
@@ -107,14 +113,14 @@ Available are numerous settings. It should be especially noted the following: ``AWS_S3_CALLING_FORMAT`` (optional: default is ``SubdomainCallingFormat()``) Defines the S3 calling format to use to connect to the static bucket. -``AWS_S3_SIGNATURE_VERSION`` (optional - boto3 only: default is ``s3v4``) +``AWS_S3_SIGNATURE_VERSION`` (optional - boto3 only) - All AWS regions support the v4 version of the signing protocol. To use the legacy v2 set this to ``'s3'``. Some non-Amazon S3 - implementations might require this change. + All AWS regions support v4 of the signing protocol. To use it set this to ``'s3v4'``. It is recommended + to do this for all new projects and required for all regions launched after January 2014. To see + if your region is one of them you can view the `S3 region list`_. -.. _query parameter authentication: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html .. _AWS Signature Version 4: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html -.. _mapping of region to endpoint names: http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region +.. _S3 region list: http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region CloudFront ~~~~~~~~~~ diff --git a/storages/backends/s3boto3.py b/storages/backends/s3boto3.py index 0ce52738d..c85a8a49a 100644 --- a/storages/backends/s3boto3.py +++ b/storages/backends/s3boto3.py @@ -191,7 +191,7 @@ class S3Boto3Storage(Storage): bucket_acl = setting('AWS_BUCKET_ACL', default_acl) querystring_auth = setting('AWS_QUERYSTRING_AUTH', True) querystring_expire = setting('AWS_QUERYSTRING_EXPIRE', 3600) - signature_version = setting('AWS_S3_SIGNATURE_VERSION', 's3v4') + signature_version = setting('AWS_S3_SIGNATURE_VERSION') reduced_redundancy = setting('AWS_REDUCED_REDUNDANCY', False) location = setting('AWS_LOCATION', '') encryption = setting('AWS_S3_ENCRYPTION', False)
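Review bot: With the default removed, `signature_version = setting('AWS_S3_SIGNATURE_VERSION')` presumably evaluates to `None` when the setting is absent, and nothing in this hunk records which signing scheme that selects. If the value is handed to the boto3 client configuration unchanged (that code is outside the hunk, as is the rest of the S3Boto3Storage class body), the signer becomes whatever botocore picks by default. The documentation change in this same commit implies that default is not v4, and says v4 is required in regions launched after January 2014. I would add a comment above the line, `# None defers to botocore's default signer; set AWS_S3_SIGNATURE_VERSION = 's3v4' for SigV4 (required in regions launched after January 2014)`. It would also help to log a warning when the setting is unset, so a deployment notices it is on the legacy scheme instead of finding out through rejected requests.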