anomalizer / ngx_aws_auth

nginx module to proxy to authenticated AWS services
BSD 2-Clause "Simplified" License
470 stars 144 forks source link

Non-subresource query params generate SignatureDoesNotMatch errors #18

Open cap10morgan opened 8 years ago

cap10morgan commented 8 years ago

We're using this to serve a small JS webapp from S3. Its Javascript code uses a few query parameters, but when we append those to our requests, it results in SignatureDoesNotMatch errors.

An example query param that it has failed on is foo.html?polling-location. A request to just foo.html succeeds.

This is with the latest master HEAD code of this module running in nginx 1.9.3.

Let me know if you need more info to reproduce or diagnose.

cap10morgan commented 8 years ago

We just discovered that query params with location (or website or presumably any other signed_subresource string) at the end of the query param name causes this to fail, but otherwise they work. So it seems like the signed_subresource code just needs to ensure that it only grabs query params where the whole string matches, not just a suffix.

anomalizer commented 8 years ago

Please try the new code on master. This should take care of your issue

jpizarrom commented 7 years ago

I,ve the same problem. I will try to add chop prefix param