Skip to content
This repository has been archived by the owner on Aug 14, 2018. It is now read-only.

URL needs double-encoding for non-S3 endpoints #28

Open
danopia opened this issue Nov 9, 2015 · 7 comments
Open

URL needs double-encoding for non-S3 endpoints #28

danopia opened this issue Nov 9, 2015 · 7 comments

Comments

@danopia
Copy link
Contributor

danopia commented Nov 9, 2015

Hey,

I'm using this library to sign requests to an AWS ES Service endpoint. Basic requests work fine, but those with a * have a signing error:

The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

The Canonical String for this request should have been
'GET
/.kibana-4/_mapping/%252A/field/_source
_=1447104608354
...

The canonical request generated by go-aws-auth only single-encoded the symbol:
/.kibana-4/_mapping/%2A/field/_source

Adding another encodePathFrag() call around the existing one in normuri() fixed the request.

Docs don't talk much about this but a spec on node's aws-sdk checks that URIs are double-encoded for non-S3 endpoints only. https://github.com/aws/aws-sdk-js/blob/333b9d1507a70c8e5b6459a1b513f9fcddd16457/test/signers/v4.spec.coffee#L124

@danopia
Copy link
Contributor Author

danopia commented Nov 9, 2015

I would've loved for this to be cut-and-dry but another request with a comma in the URL is requiring a single-encode. I'm going to open an AWS ticket about this.

@mwek
Copy link

mwek commented Feb 17, 2016

For ES endpoint, these characters require double-encoding: !"#%'()*
These are single encoded: $&+,

I've opened AWS support ticket about it, and will post the received response here.

@mwek
Copy link

mwek commented Feb 17, 2016

And the response is:
"Thanks for pointing out this inconsistency between our documentation and the behavior you see. I am forwarding this for evaluation to see if we have a bug or design flaw on our hands."

Will keep you updated.

@bjorn-ali-goransson
Copy link

Seems that commas need to be double encoded these days?

@sha1sum
Copy link

sha1sum commented Sep 13, 2016

For those still awaiting a resolution of this, please help me review #35 as I'm not using go-aws-auth for anything other than Elasticsearch Service.

@sgsandeep
Copy link

sgsandeep commented Mar 8, 2017

I am using AWS elasticsearch and using AWS signature V4 to communicate with the instance.
I tried encoding my URI as follows:
/index1%2Cindex2/type1%2Ctype2/_search
and (Double encoding)
/index1%252Cindex2/type1%252Ctype2/_search

Still AWS expects the % to be encoded again as follows.
/index1%25252Cindex2/type1%25252Ctype2/_search

Any help would be appreciated.

@sha1sum
Copy link

sha1sum commented Mar 8, 2017

@sgsandeep are you using the branch on #35 ?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants