New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expect header included in the list of the SignedHeaders for AWS4 signature #10170
Comments
I cannot reproduce the issue. We add a |
Can you please post the transcript from the log drawer (⌘-L) when trying to create a bucket? |
I did not know about ( CMD-L ) ! thank you
|
I start to think this could be a nginx bug. In nginx if I add the directive:
the header is not forwarded, even if it is logged in the Nginx log file. If I add the directive
then the header is added and the signature verifies correctly. Note that all the others SignedHeaders are forwarded without a special config, is just this Expect header that has problems. Nginx version 1.12.1-0+xenial0 |
I found a workaround in my Nginx config
|
Unfortunately the workaround in the Nginx configuration doesn't work as expected. We use Nginx as a pure proxy, and because Nginx try to minimize the communication with the backend, it will not forward the "Expect: 100-continue". It is the default behaviour of Nginx, and it is not possible to disable it.
Why do you include the Expect header in the AWS4 SignedHeaders signature? This header is not relevant for the content of the request, and does not carry any useful information. |
I would also strongly suggest not to include in the signature the Thank you |
In b29f649. Upstream change in (iterate-ch/jets3t@bc17d73). |
Milestone renamed |
I have a problem with Cyberduck 6.3.1 connecting to my Rados Gateway with the S3 protocol.
Cyberduck does not send the Expect header, but adds it in the list of the SignedHeaders.
The AWS4 signature is not working because Cyberduck sends this Authentication header:
The SignedHeaders contains the "expect" header, however Cyberduck is not sending this header out in the HTTP request.
I tried adding with Nginx in the middle the missing header:
and this fixed it, now the backend can verify the signature because the header is there.
to reproduce just try to create a new bucket
I use this profile:
The text was updated successfully, but these errors were encountered: