pjfanning opened a new pull request, #1544: URL: https://github.com/apache/pekko-connectors/pull/1544
PR #1299 introduced an allowlist filter for S3 request headers that strips headers **before signing**. AWS SDK v2 (≥2.42) began sending `Content-Type` on `UploadPart` requests; because it was missing from the allowlist it was stripped pre-signing while Pekko HTTP still included it on the wire — causing a canonical request mismatch and `SignatureDoesNotMatch` errors. Netty was unaffected because it doesn't attach `Content-Type` to the entity independently.

May help with #1543

## `reference.conf` allowlist fixes

- **`UploadPart`**: add `Content-Type` (primary fix) and `x-amz-trailer` (SDK v2 trailing checksum headers)
- **`InitiateMultipartUpload`**: add `Content-Length` and `Content-MD5` (present in the [CreateMultipartUpload API spec](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) but missing from the allowlist)

## Tests (`S3HeadersSpec`)

Four new cases using the real `reference.conf` defaults (via `ConfigFactory.load()`):

- `Content-Type` passes through `UploadPart` filter
- `x-amz-trailer` passes through `UploadPart` filter
- `Content-Length` and `Content-MD5` pass through `InitiateMultipartUpload` filter
- `x-amz-acl` is still rejected by `UploadPart` filter (regression guard)
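An added illustration, not code from the pull request or from Pekko Connectors: a simplified Python model of the mismatch described above, where a header is filtered out before signing but still reaches the wire with the entity. The allowlist contents, key, host and header values are constructed, a single HMAC stands in for the full SigV4 key derivation, and the verifier recomputes over every header it receives.

```python
import hashlib
import hmac

# Constructed allowlists modelling the UploadPart entry before and after the fix;
# these are NOT the real reference.conf contents.
ALLOW_BEFORE = {"host", "content-length", "x-amz-date"}
ALLOW_AFTER = ALLOW_BEFORE | {"content-type", "x-amz-trailer"}
KEY = b"constructed-demo-key"  # stands in for the derived SigV4 signing key

# Constructed UploadPart request headers.
SAMPLE = {
    "Host": "bucket.s3.example.invalid",
    "Content-Length": "5242880",
    "Content-Type": "application/octet-stream",
    "x-amz-date": "20250101T000000Z",
    "x-amz-acl": "private",
}


def canonical_headers(headers):
    """Lower-case names, collapse whitespace and sort, as a canonical request does."""
    items = sorted((k.lower(), " ".join(v.split())) for k, v in headers.items())
    return "".join(f"{k}:{v}\n" for k, v in items)


def sign(headers):
    """Simplified signature: HMAC-SHA256 over method, path and canonical headers."""
    msg = f"PUT\n/key?partNumber=1\n{canonical_headers(headers)}".encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()


def round_trip(allowlist, headers=SAMPLE):
    """Filter, sign what is left, send, and verify on the receiving side."""
    kept = {k: v for k, v in headers.items() if k.lower() in allowlist}
    signature = sign(kept)
    # The HTTP layer emits the entity's Content-Type regardless of the filter.
    wire = dict(kept)
    wire["Content-Type"] = headers["Content-Type"]
    # The receiver recomputes over what arrived; a difference means
    # SignatureDoesNotMatch.
    return wire, hmac.compare_digest(sign(wire), signature)


if __name__ == "__main__":
    print("before fix:", round_trip(ALLOW_BEFORE)[1])
    print("after fix: ", round_trip(ALLOW_AFTER)[1])
```

Headers that the filter removes from both the signed set and the wire, such as `x-amz-acl` here, do not cause a mismatch; only a header that survives on the wire unsigned does.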
