amazonka icon indicating copy to clipboard operation
amazonka copied to clipboard
verified publisher icon brendanhay

presigned URL has invalid signature when S3 PutObject contains tagging

Open AleXoundOS opened this issue 11 months ago • 1 comments

This produces a URL with valid signature:

A.presignURL
  env
  signingTime
  expirationSec
  (newPutObject bucketName objectKey (A.toBody B.empty))

However, this produces a URL with invalid signature:

A.presignURL
  env
  signingTime
  expirationSec
  ( (newPutObject bucketName objectKey (A.toBody B.empty))
      { tagging = Just tagSetTxt
      }
  )

AWS responds with:

The request signature we calculated does not match the signature you provided. Check your key and signing method.

SignedHeaders changes:

- X-Amz-SignedHeaders=host
+ X-Amz-SignedHeaders=host%3Bx-amz-tagging

It seems here are some insights: https://stackoverflow.com/a/77418874/1663197.

I use Amazonka 2.0.

AleXoundOS avatar Jan 16 '25 22:01 AleXoundOS

Taggings are encoded as query parameters. I recently fixed a bug with request signing of query parameters; can you check latest main and see if this is still an issue? Thanks.

endgame avatar Mar 25 '25 09:03 endgame