Open ebiggers opened 11 years ago
mjschultz
commented
11 years ago I can certainly fix the error reporting a bit, but I haven't been able to reproduce a 403 forbidden message yet. I'll try with a different account on a different computer later today, though.
ebiggers
commented
11 years ago For some reason the problem only happens on Chromium (I also tried Firefox and Midori).
mjschultz
commented
11 years ago Hmmm, what version of Chromium? I have 28.0.1500.71 (209842) on OS X.
Are you still on 28.0.1500.95, and what O/S?
ebiggers
commented
11 years ago It was 29.0.1547.62 on Linux, but I just downgraded to 27.0.1453.110 and the same problem occurred.
In the Network tab of the developer tools I see that the PUT to boot-xinu-os-org.s3.amazonaws.com failed with status 403.
Perhaps it's a problem with how the (temporary?) access key is being sent?
mjschultz
commented
11 years ago I think the 403 response from amazon s3 usually includes a xml document that says the forbidden reason, if it is the access key it should say something to that effect. You should be able to see it by double clicking the request and clicking the response tab.
ebiggers
commented
11 years ago The response I got was:
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><StringToSignBytes>50 55 54 0a 0a 2c 0a 31 33 37 38 33 35 35 36 30 38 0a 78 2d 61 6d 7a 2d 61 63 6c 3a 70 75 62 6c 69 63 2d 72 65 61 64 0a 2f 62 6f 6f 74 2d 78 69 6e 75 2d 6f 73 2d 6f 72 67 2f 6b 65 72 6e 65 6c 73 2f 37 33 2f 37 33 63 62 34 32 36 64 38 63 66 30 64 63 38 30 63 38 34 66 37 39 32 63 30 34 61 62 39 62 61 34 39 30 31 33 64 63 32 38 2e 62 69 6e</StringToSignBytes><RequestId>F74DA21765F96451</RequestId><HostId>+gRysTlmzm2WBXna6T4rvDJeM0Vpl+UEGdnJRwq3PeoQaHVixro/d1O/oi7Dpt8H</HostId><SignatureProvided>w/pF3CRshz+wLJ3RzMXoH0IBIF0=</SignatureProvided><StringToSign>PUT
,
1378355608
x-amz-acl:public-read
/boot-xinu-os-org/kernels/73/73cb426d8cf0dc80c84f792c04ab9ba49013dc28.bin</StringToSign><AWSAccessKeyId>AKIAIPY2QPYD34PXMLVA</AWSAccessKeyId></Error>Thanks.
It looks like the mime type that chromium is sending to the s3 signer is incorrect (empty). I'm not sure why that is though. The Amazon response indicates that I signed with a "," as the mime type though, which is not what is in the corresponding request (which is just empty).
I made a small change to force the mime type to be blank if it doesn't have a "/" in it, but I'm not sure if it'll work.
If you get the chance can you try again and include the error response from amazon?
(I have Fedora 19 with Chromium 27.0.1453.93, but it doesn't show the error. I'll try to find one of the versions you have though.)
ebiggers
commented
11 years ago Still didn't work. Headers and response below.
Request URL:https://boot-xinu-os-org.s3.amazonaws.com/kernels/b6/b614c7cdd79a19801cc0c4569ca84afe8a7ec2ce.bin?Signature=UXn2j6RT0aFXiVqprjyKDhOvQ08%3D&Expires=1378439799&AWSAccessKeyId=AKIAIPY2QPYD34PXMLVA
Request Method:PUT
Status Code:403 Forbidden
Request Headers
PUT /kernels/b6/b614c7cdd79a19801cc0c4569ca84afe8a7ec2ce.bin?Signature=UXn2j6RT0aFXiVqprjyKDhOvQ08%3D&Expires=1378439799&AWSAccessKeyId=AKIAIPY2QPYD34PXMLVA HTTP/1.1
Host: boot-xinu-os-org.s3.amazonaws.com
Connection: keep-alive
Content-Length: 209116
x-amz-acl: public-read
Origin: http://boot.xinu-os.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.65 Safari/537.36
Content-Type: ,
Accept: */*
DNT: 1
Referer: http://boot.xinu-os.org/kernels/upload/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Query String Parameters
Signature=UXn2j6RT0aFXiVqprjyKDhOvQ08%3D&Expires=1378439799&AWSAccessKeyId=AKIAIPY2QPYD34PXMLVA
Response Headers
HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: http://boot.xinu-os.org
Access-Control-Allow-Methods: GET, POST, PUT
Access-Control-Max-Age: 3000
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: BB5B38AA0AA6027B
x-amz-id-2: b0RmsVQC5bWwwDEutjzIDutnpRV/OtcWBNn3UWj+9ZB+AUdvX6UhsbGJ5GeMlKWA
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Fri, 06 Sep 2013 03:51:39 GMT
Connection: close
Server: AmazonS3<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><StringToSignBytes>50 55 54 0a 0a 2c 0a 31 33 37 38 34 33 39 37 39 39 0a 78 2d 61 6d 7a 2d 61 63 6c 3a 70 75 62 6c 69 63 2d 72 65 61 64 0a 2f 62 6f 6f 74 2d 78 69 6e 75 2d 6f 73 2d 6f 72 67 2f 6b 65 72 6e 65 6c 73 2f 62 36 2f 62 36 31 34 63 37 63 64 64 37 39 61 31 39 38 30 31 63 63 30 63 34 35 36 39 63 61 38 34 61 66 65 38 61 37 65 63 32 63 65 2e 62 69 6e</StringToSignBytes><RequestId>BB5B38AA0AA6027B</RequestId><HostId>b0RmsVQC5bWwwDEutjzIDutnpRV/OtcWBNn3UWj+9ZB+AUdvX6UhsbGJ5GeMlKWA</HostId><SignatureProvided>UXn2j6RT0aFXiVqprjyKDhOvQ08=</SignatureProvided><StringToSign>PUT
,
1378439799
x-amz-acl:public-read
/boot-xinu-os-org/kernels/b6/b614c7cdd79a19801cc0c4569ca84afe8a7ec2ce.bin</StringToSign><AWSAccessKeyId>AKIAIPY2QPYD34PXMLVA</AWSAccessKeyId></Error>
Uploading a kernel fails (status 403 Forbidden) when sending it to S3.
Note that this error isn't reported to the user other than by turning the progress bar red, so I was initially confused about why it wasn't working.