diff options
| -rw-r--r-- | src/api/signature/payload.rs | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/api/signature/payload.rs b/src/api/signature/payload.rs index 4c7934e5..e264392b 100644 --- a/src/api/signature/payload.rs +++ b/src/api/signature/payload.rs @@ -27,8 +27,10 @@ pub async fn check_payload_signature( headers.insert(key.to_string(), val.to_str()?.to_string()); } if let Some(query) = request.uri().query() { + trace!("got query: {}", query); let query_pairs = url::form_urlencoded::parse(query.as_bytes()); for (key, val) in query_pairs { + trace!("query pair: `{}` = `{}`", key, val); headers.insert(key.to_lowercase(), val.to_string()); } } @@ -56,6 +58,7 @@ pub async fn check_payload_signature( &headers, &authorization.signed_headers, &authorization.content_sha256, + service != "s3", ); let (_, scope) = parse_credential(&authorization.credential)?; let string_to_sign = string_to_sign(&authorization.date, &scope, &canonical_request); @@ -236,10 +239,16 @@ pub fn canonical_request( headers: &HashMap<String, String>, signed_headers: &str, content_sha256: &str, + double_encode_path: bool, ) -> String { + let path: std::borrow::Cow<str> = if double_encode_path { + uri_encode(uri.path(), false).into() + } else { + uri.path().into() + }; [ method.as_str(), - uri.path(), + &path, &canonical_query_string(uri), &canonical_header_string(headers, signed_headers), "", |