aws-sdk-ruby: S3 presigned urls using response_expires convert values to ISO8601 instead of http-date
Confirm by changing [ ] to [x] below to ensure that it’s a bug:
- I’ve gone though Developer Guide for v3 and API reference
- I’ve checked AWS Forums and StackOverflow for answers
- I’ve searched for previous similar issues and didn’t find any solution
Describe the bug
For S3 presigned URL generation, supplying the response_expires param will result in a presigned URL asking for a response-expires
value in iso8601 format, which results in a subsequent S3 response with an HTTP Expires
header with a value in ISO8601 format. Eg, 2015-10-21T07:28:00Z
.
This is not a legal value for the Expires
header, which should be in http-date format instead. Eg Wed, 21 Oct 2015 07:28:00 GMT
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expires
Gem name (‘aws-sdk’, ‘aws-sdk-resources’ or service gems like ‘aws-sdk-s3’) and its version
aws-sdk-s3 1.81.1
Version of Ruby, OS environment
ruby 2.6.6p146 (2020-03-31 revision 67876) [x86_64-darwin19]
To Reproduce (observed behavior)
bucket.object(object_key).presigned_url(:get, response_expires: "Wed, 21 Oct 2015 07:28:00 GMT")
This results in a presigned URL which has in it the query param response-expires=2015-10-21T07%3A28%3A00Z
When this URL is requested from s3, the response has a header Expires: 2015-10-21T07:28:00Z
Expected behavior
The response-expires
query in the generated URL, which is used to create the signature as well, should be in http-date format, not ISO8601 format. The query param for above example should look instead like: response-expires=Wed%2C%2021%20Oct%202015%2007%3A28%3A00%20GMT
In order to result in a response from S3 with a standards-compliant Expires
header that will be interpreted by user-agents as intended, Expires: Wed, 21 Oct 2015 07:28:00 GMT
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 15 (11 by maintainers)
FYI - I’ve gotten this approved by senior leaders (because it will be a behavior change for all SDKs) and this is planned for around 12/21 after re:Invent.
I haven’t forgotten about this. I am preparing a release with S3. I also tracked down the release where this breakage occurred: https://github.com/aws/aws-sdk-ruby/commit/03f80307dff047621ea95108775d3abc8b70efb7#diff-885d88e0d8505b74befae6d25478446244da798f4ab6bff3e2886957bba983b7
I am probably going to get some flak for this change, because it’s going to change behavior for other SDKs too, but it is the correct fix.
I suspect that this is a service modeling issue. Here we are checking the timestampFormat of any shapes and there is none declared, so it defaults to ISO format. The ResponseExpires shape on the model should have a timestampFormat of
rfc822
. I need to check with other SDK teams on this.