[Cyberduck-trac] [Cyberduck] #10170: Does not send the Expect header, but adds it in the list of the SignedHeaders for AWS4 signature

Cyberduck trac at cyberduck.io
Fri Dec 8 09:01:24 UTC 2017 

#10170: Does not send the Expect header, but adds it in the list of the
SignedHeaders for AWS4 signature
----------------------+-------------------------
 Reporter:  zioproto  |         Owner:  dkocher
     Type:  defect    |        Status:  assigned
 Priority:  normal    |     Milestone:  7.0
Component:  s3        |       Version:  6.3.1
 Severity:  normal    |    Resolution:
 Keywords:            |  Architecture:
 Platform:            |
----------------------+-------------------------
Description changed by dkocher:

Old description:

> I have a problem with Cyberduck 6.3.1 connecting to my Rados Gateway with
> the S3 protocol.
>
> Cyberduck does not send the Expect header, but adds it in the list of the
> SignedHeaders.
>
> The AWS4 signature is not working because Cyberduck sends this
> Authentication header:
>
> Authorization: AWS4-HMAC-SHA256 Credential=[..stripped..out..]/20171206
> /us-east-1/s3/aws4_request,SignedHeaders=content-type;date;expect;host;x
> -amz-content-sha256;x-amz-
> date,Signature=ec83ddc9de6b379c929a8307ff5cb918a2ffad533e11408c079607ad8004cf3f
> User-Agent: Cyberduck/6.3.1.27228 (Mac OS X/10.12.6) (x86_64)
>
> The SignedHeaders contains the "expect" header, however Cyberduck is not
> sending this header out in the HTTP request.
>
> I tried adding with Nginx in the middle the missing header:
>
> proxy_set_header Expect 100-continue;
>
> and this fixed it, now the backend can verify the signature because the
> header is there.
>
> to reproduce just try to create a new bucket
>
> I use this profile:
> https://svn.cyberduck.io/trunk/profiles/S3%20(HTTPS).cyberduckprofile

New description:

 I have a problem with Cyberduck 6.3.1 connecting to my Rados Gateway with
 the S3 protocol.

 Cyberduck does not send the Expect header, but adds it in the list of the
 SignedHeaders.

 The AWS4 signature is not working because Cyberduck sends this
 Authentication header:


 {{{
 Authorization: AWS4-HMAC-SHA256 Credential=[..stripped..out..]/20171206
 /us-east-1/s3/aws4_request,SignedHeaders=content-type;date;expect;host;x
 -amz-content-sha256;x-amz-
 date,Signature=ec83ddc9de6b379c929a8307ff5cb918a2ffad533e11408c079607ad8004cf3f
 User-Agent: Cyberduck/6.3.1.27228 (Mac OS X/10.12.6) (x86_64)
 }}}

 The SignedHeaders contains the "expect" header, however Cyberduck is not
 sending this header out in the HTTP request.

 I tried adding with Nginx in the middle the missing header:


 {{{
 proxy_set_header Expect 100-continue;
 }}}


 and this fixed it, now the backend can verify the signature because the
 header is there.

 to reproduce just try to create a new bucket

 I use this profile:
  * https://svn.cyberduck.io/trunk/profiles/S3%20(HTTPS).cyberduckprofile

--

--
Ticket URL: <https://trac.cyberduck.io/ticket/10170#comment:2>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list