
SignatureDoesNotMatch when using response-content-disposition with presignedGetObject

Open Menci opened this issue 4 years ago • 6 comments

Create a local MinIO server with a testfile in a testbucket.

const MinIO = require("minio");
const client = new MinIO.Client({
        endPoint: "127.0.0.1",
        port: 9000,
        useSSL: false,
        accessKey: "minioadmin",
        secretKey: "minioadmin"
});

(async () => {
        // SignatureDoesNotMatch
        console.log(await client.presignedGetObject("testbucket", "testfile", 60 * 60 * 24, {
                "response-content-disposition": "attachment; filename*=UTF-8''test.png"
        }));

        // Works
        console.log(await client.presignedGetObject("testbucket", "testfile", 60 * 60 * 24, {
                "response-content-disposition": "attachment; filename=UTF-8test.png"
        }));
})();

The first content-disposition is correct according to RFC 5987, but the generated link returns a SignatureDoesNotMatch error. The second removes some special characters from the first; its link is downloadable.

Menci avatar Jan 20 '20 14:01 Menci

@Menci Thanks for filing the issue, we will take a look

kannappanr avatar Jan 20 '20 16:01 kannappanr

Here is a workaround. The filename works on Chrome, but it's non-standard:

return await this.minioClient.presignedGetObject(
  this.configService.config.fileStorage.bucket,
  uuid,
  FILE_DOWNLOAD_EXPIRE_TIME,
  {
    "response-content-disposition": "attachment; filename=\"" + encodeRFC5987ValueChars(filename) + "\""
  }
);

Menci avatar Jan 21 '20 12:01 Menci

I am getting this error too with filenames containing brackets ( ). The workaround does not work on Mac Safari, as Safari will not decode the filename correctly.

Is this issue within minio-js or Minio server? Edit: https://github.com/minio/minio/issues/8897 might be related and suggests it is a client side problem.

lksnmnn avatar Nov 03 '21 07:11 lksnmnn

Did you try https://github.com/minio/minio-js/pull/959?

prakashsvmx avatar Nov 03 '21 08:11 prakashsvmx

Just tried it. It still can't match the signature.

Test filename: f().png

Header added to presignedGetObject:

{
  "response-content-disposition": `attachment; filename=${filename}`,
}

It also does not work with filename*=UTF-8''${filename}

lksnmnn avatar Nov 03 '21 08:11 lksnmnn

I believe there might be a difference in how JS and Go (?) encode URLs. I.e. JS does not encode () when using encodeURIComponent, but Go does. Anyway, even if I encode it manually, I still have the problem that Safari does not care. So actually minio server would need to not encode these non-reserved characters ?!

lksnmnn avatar Nov 03 '21 09:11 lksnmnn
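
The encoding difference raised in the last comment, shown as an added example that is not part of the original thread or of minio-js. It assumes the signer encodes query values with `encodeURIComponent` while the verifier applies the AWS Signature V4 rule (only `A-Z a-z 0-9 - _ . ~` stay unencoded); the function names are hypothetical.

```javascript
// Added illustration; function names are hypothetical, not minio-js APIs.

// AWS Signature V4 URI-encoding: percent-encode every byte except
// A-Z a-z 0-9 - _ . ~  (encodeURIComponent also leaves ! ' ( ) * raw).
function strictEncode(value) {
  return encodeURIComponent(value).replace(
    /[!'()*]/g,
    (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase()
  );
}

// Canonical query string: keys sorted, each key and value encoded.
function canonicalQuery(params, encode) {
  return Object.keys(params)
    .sort()
    .map((k) => `${encode(k)}=${encode(params[k])}`)
    .join("&");
}

// Compare what a client using encodeURIComponent would sign with what a
// verifier using the strict rule would reconstruct (assumed behaviour).
function compare(disposition) {
  const params = { "response-content-disposition": disposition };
  const client = canonicalQuery(params, encodeURIComponent);
  const verifier = canonicalQuery(params, strictEncode);
  // Characters present in the value that the two encoders treat differently.
  const divergent = [...new Set(disposition.match(/[!'()*]/g) || [])];
  return { agree: client === verifier, divergent, client, verifier };
}

// Header values taken from the thread.
const samples = [
  "attachment; filename*=UTF-8''test.png",
  "attachment; filename=UTF-8test.png",
  "attachment; filename=f().png",
];
for (const s of samples) {
  const r = compare(s);
  console.log(r.agree ? "same string to sign:" : "different string to sign:", s, r.divergent);
}
```

Under these assumptions, only the value without `*`, `'`, `(` or `)` produces the same string to sign on both sides, which matches the pattern of failures reported in the thread.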