aboutsummaryrefslogtreecommitdiff
path: root/src/api/signature/payload.rs
diff options
context:
space:
mode:
Diffstat (limited to 'src/api/signature/payload.rs')
-rw-r--r--src/api/signature/payload.rs11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/api/signature/payload.rs b/src/api/signature/payload.rs
index 4c7934e5..e264392b 100644
--- a/src/api/signature/payload.rs
+++ b/src/api/signature/payload.rs
@@ -27,8 +27,10 @@ pub async fn check_payload_signature(
headers.insert(key.to_string(), val.to_str()?.to_string());
}
if let Some(query) = request.uri().query() {
+ trace!("got query: {}", query);
let query_pairs = url::form_urlencoded::parse(query.as_bytes());
for (key, val) in query_pairs {
+ trace!("query pair: `{}` = `{}`", key, val);
headers.insert(key.to_lowercase(), val.to_string());
}
}
@@ -56,6 +58,7 @@ pub async fn check_payload_signature(
&headers,
&authorization.signed_headers,
&authorization.content_sha256,
+ service != "s3",
);
let (_, scope) = parse_credential(&authorization.credential)?;
let string_to_sign = string_to_sign(&authorization.date, &scope, &canonical_request);
@@ -236,10 +239,16 @@ pub fn canonical_request(
headers: &HashMap<String, String>,
signed_headers: &str,
content_sha256: &str,
+ double_encode_path: bool,
) -> String {
+ let path: std::borrow::Cow<str> = if double_encode_path {
+ uri_encode(uri.path(), false).into()
+ } else {
+ uri.path().into()
+ };
[
method.as_str(),
- uri.path(),
+ &path,
&canonical_query_string(uri),
&canonical_header_string(headers, signed_headers),
"",