The path encoding fails on :

[orasimus]

Hi! Thanks for the commits regarding the path escaping.

The signing still fails if the path contains a :. It gets transformed into %3A earlier and then on line 219:

path.push(encodeRfc3986(querystring.escape(piece)))

querystring.escape turns it into %253A.

So signing calls to e.g. http://domain.com/product/foo:123 fails.

[mhart]

@orasimus this is actually how the Amazon services work – you can check it yourself if you like.

[mhart]

@orasimus – only S3 will decode the querystring before escaping it again – all the other services do not try to decode entities. And because the character : is disallowed in a URL, it needs to be percent encoded in the path in the first place.

[mhart]

@orasimus You can read more info on it all here: aws/aws-sdk-js#853 (comment)

[mhart]

@orasimus If you don't wish to have this behaviour because you're testing or using it in your own service, you can use doNotEncodePath: true as an option – this is what I do to get it to pass the test suite: https://github.com/mhart/aws4/blob/master/test/fast.js#L542

[orasimus]

Thanks for the comment. I tried looking at the code yesterday, but I guess it was too early in the morning as I missed that. :)