oneto1 opened a new issue, #8749: URL: https://github.com/apache/apisix/issues/8749
### Current Behavior * safari download chinese named file from s3 presigned url via apisix , but get garbled characters name * open a https download url , like this  ``` +------------------+ | | | safari | | | | | +--------+---------+ | | https | +--------v---------+ | | https with garbled name | apisix | | | | | +--------+---------+ | | http | +--------v---------+ | | | minio | | | | | +------------------+ ``` ### Expected Behavior open a https url should like open a http download url , then get right name like  ``` +------------------+ | | | safari | | | | | +--------+---------+ | | http | +--------v---------+ | | http url work fine | apisix | | | | | +--------+---------+ | | http | +--------v---------+ | | | minio | | | | | +------------------+ ``` ### Error Logs no error ### Steps to Reproduce 1. start minio s3 server ``` minio server data ``` 2. create bucket and upload object to s3 ``` mc alias set myminio http://127.0.0.1:9000 minioadmin minioadmin mc mb myminio/test touch 中文.test mc cp 中文.test myminio/test ``` 3. edit apisix conf ``` apisix: node_listen: 8000 # APISIX listening port enable_ipv6: false allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow - 0.0.0.0/0 # We need to restrict ip access rules for security. 0.0.0.0/0 is for test. admin_listen: # use a separate port ip: 0.0.0.0 # Specific IP, if not set, the default value is `0.0.0.0`. port: 9180 admin_key: - name: "admin" key: edd1c9f034335f136f87ad84b625c8f111 role: admin # admin: manage all configuration data enable_control: true control: ip: "0.0.0.0" port: 9092 ssl: enable: true listen: - port: 443 etcd: host: - "http://127.0.0.1:2379"; prefix: "/apisix" # apisix configurations prefix timeout: 30 # 30 seconds nginx_config: # error_log_level: debug http_server_configuration_snippet: | #ignore_invalid_headers off; proxy_buffering off; ``` 4. start apisix ``` etcd & docker run -v /root/config.yaml:/usr/local/apisix/conf/config.yaml -d --net host apache/apisix:2.15.1-debian ``` 5. create route to minio ``` IP=`hostname -I | awk '{print $1}'` curl "http://127.0.0.1:9180/apisix/admin/routes/1"; -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f111" -X PUT -d ' { "methods": ["GET"], "uri": "/*", "upstream": { "type": "roundrobin", "nodes": { "MODTHISIP:9000": 1 } } }' ``` 6. test route , get 403 here from minio ``` curl 127.0.0.1:8000 ``` 7. create http s3 presigned download url ``` package main import ( "fmt" "log" "time" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/s3" ) func main() { sess := session.Must(session.NewSession( &aws.Config{ Endpoint: aws.String("http://127.0.0.1:8000";), S3ForcePathStyle: aws.Bool((true)), DisableSSL: aws.Bool(true), Credentials: credentials.NewStaticCredentials("minioadmin", "minioadmin", ""), Region: aws.String("us-east-1"), }, )) svc := s3.New(sess) req, _ := svc.GetObjectRequest(&s3.GetObjectInput{ Bucket: aws.String("test"), Key: aws.String("中文.test"), ResponseContentDisposition: aws.String(`attachment;filename="阿瑟顿峰"`), }) urlStr, err := req.Presign(9999 * time.Minute) if err != nil { log.Println("Failed to sign request", err) } fmt.Println(urlStr) } ``` 8. open url at safari , and get right file name 9. bind hosts and upload cert to apisix ``` vi /etc/hosts 127.0.0.1 my.host # upload cert ... ``` 10. create https s3 presigned download url ``` package main import ( "fmt" "log" "time" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/s3" ) func main() { sess := session.Must(session.NewSession( &aws.Config{ Endpoint: aws.String("https://my.host";), S3ForcePathStyle: aws.Bool((true)), DisableSSL: aws.Bool(false), Credentials: credentials.NewStaticCredentials("minioadmin", "minioadmin", ""), Region: aws.String("us-east-1"), }, )) svc := s3.New(sess) req, _ := svc.GetObjectRequest(&s3.GetObjectInput{ Bucket: aws.String("test"), Key: aws.String("中文.test"), ResponseContentDisposition: aws.String(`attachment;filename="阿瑟顿峰"`), }) urlStr, err := req.Presign(9999 * time.Minute) if err != nil { log.Println("Failed to sign request", err) } fmt.Println(urlStr) } ``` 10 open url at safari , and get garbled file name ### Environment - APISIX version (run `apisix version`): 2.15.1 - Operating system (run `uname -a`): Linux pop-os 6.0.12-76060006-generic #202212290932~1671652965~22.04~452ea9d SMP PREEMPT_DYNAMIC Wed D x86_64 x86_64 x86_64 GNU/Linux - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): ginx version: openresty/1.21.4.1 built by gcc 10.2.1 20210110 (Debian 10.2.1-6) built with OpenSSL 1.1.1n 15 Mar 2022 (running with OpenSSL 1.1.1s 1 Nov 2022) TLS SNI support enabled - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): - APISIX Dashboard version, if relevant: - Plugin runner version, for issues related to plugin runners: - LuaRocks version, for installation issues (run `luarocks --version`): -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
