Signature mismatch issue with S3Client #6618
Comments
Hey @GowthamShanmugam, I understand you're facing a signature mismatch error when using the S3Client in React with a proxy setup. A similar issue was reported before: https://repost.aws/questions/QUHe03UXDtR-Ou5VS7exfK9w/making-s3-api-calls-through-and-nginx-reverse-proxy

To address this problem, you can use a custom signer that overrides the host used in the signature calculation. Here's how you can modify your code to implement this solution:
```js
import { S3Client, ListBucketsCommand } from "@aws-sdk/client-s3";
import { SignatureV4 } from "@aws-sdk/signature-v4";
import { Sha256 } from "@aws-crypto/sha256-browser";

const createCustomSigner = (region, credentials) => {
  const signer = new SignatureV4({
    credentials: credentials,
    region: region,
    service: 's3',
    sha256: Sha256
  });
  return async (request) => {
    request.headers.host = 's3-test.devcluster.openshift.com';
    return signer.sign(request);
  };
};

const client = new S3Client({
  endpoint: 'http://localhost:9000/s3-path',
  forcePathStyle: true,
  region: 'your-region', // Replace with your S3 region
  credentials: {
    accessKeyId: accessKeyId,
    secretAccessKey: secretAccessKey,
  },
  signer: createCustomSigner('your-region', {
    accessKeyId: accessKeyId,
    secretAccessKey: secretAccessKey,
  })
});
```

Please try the steps posted above and let me know if that solves the issue. Thanks!
This solution is not working, requests do not have any field called header
I tried adding a header and host in the request before assigning it to the signer.sig but still the same issue. Also return signer.sign(request); type is not assignable to signer
I changed the code to
But it gives the same issue. The host value is changing in the header, but I am not sure why signature creation is still using the old host.
Hey @GowthamShanmugam, I found this thread would be helpful. You can change the request to:

```js
const request = new HttpRequest({
  headers: {
    "Content-Type": "application/json",
    host: host,
  },
  hostname: host,
  method: "POST",
  path: `${index}/_search`,
  body: JSON.stringify(query),
});
```

And sign the request like this:

```js
const signer = new SignatureV4({
  credentials: creds,
  region: region,
  service: "es",
  sha256: Sha256,
});
const signedRequest = await signer.sign(request);
```
Does that mean I can't use S3Client? May I know why Signature is still using the old header? Where is it getting the header from?
Checkboxes for prior research
Describe the bug
I am facing a similar issue. In React I am using S3Client with endpoint: proxy_url.
The server will receive this request at localhost:9000/s3-path and redirect it to s3-test.devcluster.openshift.com.
The same signature mismatch error is appearing for me. X-Amz-SignedHeaders=host is the issue. To generate the signature, the first call used localhost:9000 as the host. However, the host header that the S3 server receives is s3-test.devcluster.openshift.com. It results in a mismatch in signatures.
How do I resolve this issue?
Regression Issue
SDK version number
"@aws-sdk/client-s3": "3.667.0",
Which JavaScript Runtime is this issue in?
Browser
Details of the browser/Node.js/ReactNative version
md/browser#Chrome_129.0.0.0
Reproduction Steps
N/A
Observed Behavior
Error Loading : The request signature we calculated does not match the signature you provided. Check your AWS secret access key and signing method. For more information, see REST Authentication and SOAP Authentication for details.
Expected Behavior
It should return a list of buckets
Possible Solution
No response
Additional Information/Context
No response
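
The mismatch described in this issue, as an added example that is not code from the thread or from the AWS SDK: a reduced Signature Version 4 computation (GET, `host` as the only signed header, unsigned payload, empty query string) showing that the signature changes with the signed host. The secret, region, date and all function names are constructed for the illustration; the two host names are the ones from the report.

```javascript
// Added illustration: reduced SigV4 (GET, only `host` signed, unsigned payload).
const crypto = require("node:crypto");

// Constructed sample values, not real credentials.
const SECRET = "EXAMPLE-SECRET-KEY";
const REGION = "us-east-1";
const AMZ_DATE = "20241101T000000Z";

const sha256Hex = (s) => crypto.createHash("sha256").update(s).digest("hex");
const hmac = (key, s) => crypto.createHmac("sha256", key).update(s).digest();

// Canonical request: method, URI, query, canonical headers, signed headers, payload hash.
function canonicalRequest(host, path, query) {
  return ["GET", path, query, `host:${host}\n`, "host", "UNSIGNED-PAYLOAD"].join("\n");
}

function sigV4(host, path = "/", query = "") {
  const day = AMZ_DATE.slice(0, 8);
  const scope = `${day}/${REGION}/s3/aws4_request`;
  const stringToSign = ["AWS4-HMAC-SHA256", AMZ_DATE, scope,
    sha256Hex(canonicalRequest(host, path, query))].join("\n");
  // Key derivation chain: date -> region -> service -> "aws4_request".
  const signingKey = [day, REGION, "s3", "aws4_request"]
    .reduce((key, part) => hmac(key, part), "AWS4" + SECRET);
  return hmac(signingKey, stringToSign).toString("hex");
}

// The client signs with the Host it connects to; the server recomputes the
// signature from the Host header it actually receives after the proxy.
function verifyThroughProxy(signedHost, receivedHost) {
  const clientSig = sigV4(signedHost);
  const serverSig = sigV4(receivedHost);
  const ok = crypto.timingSafeEqual(Buffer.from(clientSig), Buffer.from(serverSig));
  return { clientSig, serverSig, ok };
}

const PROXY = "localhost:9000";
const UPSTREAM = "s3-test.devcluster.openshift.com";
console.log("signed for proxy host:   ", verifyThroughProxy(PROXY, UPSTREAM).ok);
console.log("signed for upstream host:", verifyThroughProxy(UPSTREAM, UPSTREAM).ok);
```

The check only passes when the host the client signs is the same Host header the server sees, which is why rewriting the header after signing has no effect on the result.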