Signature-V4: Include content-length for signature calculation. (#2643)

This is to be compatible with clients which includes content-length for signature calculation (and hence deviating from AWS Signature-v4 spec)
2025-11-07 21:02:58 -05:00 · 2016-09-09 22:08:07 +05:30
parent a4afb312d4
commit 400e9309f1
3 changed files with 56 additions and 2 deletions
--- a/cmd/signature-v4.go
+++ b/cmd/signature-v4.go
@@ -342,8 +342,21 @@ func doesSignatureMatch(hashedPayload string, r *http.Request, validateRegion bo
 		return ErrContentSHA256Mismatch
 	}

+	header := req.Header
+
+	// Signature-V4 spec excludes Content-Length from signed headers list for signature calculation.
+	// But some clients deviate from this rule. Hence we consider Content-Length for signature
+	// calculation to be compatible with such clients.
+	for _, h := range signV4Values.SignedHeaders {
+		if h == "content-length" {
+			header = cloneHeader(req.Header)
+			header.Add("content-length", strconv.FormatInt(r.ContentLength, 10))
+			break
+		}
+	}
+
 	// Extract all the signed headers along with its values.
-	extractedSignedHeaders, errCode := extractSignedHeaders(signV4Values.SignedHeaders, req.Header)
+	extractedSignedHeaders, errCode := extractSignedHeaders(signV4Values.SignedHeaders, header)
 	if errCode != ErrNone {
 		return errCode
 	}