minio-js
minio-js copied to clipboard
SignatureDoesNotMatch when using response-content-disposition with presignedGetObject
Create a local MinIO server with a testfile
in a testbucket
.
const MinIO = require("minio");
const client = new MinIO.Client({
endPoint: "127.0.0.1",
port: 9000,
useSSL: false,
accessKey: "minioadmin",
secretKey: "minioadmin"
});
(async () => {
// SignatureDoesNotMatch
console.log(await client.presignedGetObject("testbucket", "testfile", 60 * 60 * 24, {
"response-content-disposition": "attachment; filename*=UTF-8''test.png"
}));
// Works
console.log(await client.presignedGetObject("testbucket", "testfile", 60 * 60 * 24, {
"response-content-disposition": "attachment; filename=UTF-8test.png"
}));
})();
The first content-disposition
is correct according to RFC 5987. But generated link returns a SignatureDoesNotMatch error. The second is removing some special characters from the first, its link is downloadable.
@Menci Thanks for filing the issue, we will take a look
Here is a workaround. The filename works on Chrome, but it's non-standard:
return await this.minioClient.presignedGetObject(
this.configService.config.fileStorage.bucket,
uuid,
FILE_DOWNLOAD_EXPIRE_TIME,
{
"response-content-disposition": "attachment; filename=\"" + encodeRFC5987ValueChars(filename) + "\""
}
);
I am getting this error too with filenames containing brackets ( )
. The work around does not work on Mac Safari, as Safari will not decode the filename correctly.
Is this issue within minio-js or Minio server? Edit: https://github.com/minio/minio/issues/8897 might be related and suggests it is a client side problem.
https://github.com/minio/minio-js/pull/959 did you try ?
Just tried it. It still can't match the signature.
Test filename: f().png
Header added to presignedGetObject
{
"response-content-disposition": `attachment; filename=${filename}`,
}
It also does not work with filename*=UTF-8''${filename}
I believe there might be a difference on how JS and Go (?) encode URLs. I.e. JS does not encode ()
when using encodeURIComponent
, but Go does. Anyway, even if I encode it manually, I still have the problem, that Safari does not care. So actually minio server would need to not encode these non-reserverd characters ?!