aws-sdk-perl icon indicating copy to clipboard operation
aws-sdk-perl copied to clipboard

Published 20 hours ago verified publisher icon pplu

"Forbidden" when accessing S3 keys with encoded characters.

Open galenhuntington opened this issue 5 years ago • 3 comments

I see a few past/pending issues about encoding problems (#111, #221), but none seem to be hitting the problem I am, which is that these operations are being rejected by AWS entirely, not even encoded or double-encoded.

E.g., Paws->service('S3', region => 'us-east-1')->PutObject(Key => 'test@test', Bucket => 'TestBucket', Body => 'test')) fails with Forbidden.

The problem appears to be that the V4 signature does not match the headers, because they are signed with the uri field URI-encoded. As evidence, when just before signing the request here https://github.com/pplu/aws-sdk-perl/blob/4c81b41298dbd5fd94c14fc9a1a4f3d7271003a0/lib/Paws/Net/S3Signature.pm#L44 I alter the request object by decoding its uri field in-place, then the operations succeed.

I haven't dug much deeper, but perhaps that field should never have been encoded in the first place. I tried a change similar to that in #220 (closed for some reason), and that seems to consistently succeed for my use cases, although maybe for more exotic characters there would be problems.

galenhuntington avatar Apr 03 '19 02:04 galenhuntington

Hi, have you checked your Net::Amazon::Signature::V4 version? see #359, it seems something changed (havent looked at what, yet)

castaway avatar Jan 28 '20 16:01 castaway

My V4 version is 0.19, so it looks like the same issue as #359.

galenhuntington avatar Jan 28 '20 17:01 galenhuntington

This can be fixed by upgrading Net::Amazon::Signature::V4 to the new 0.20 release

castaway avatar Mar 16 '20 11:03 castaway