rgw/s3: Always include x-amz-content-sha256 header in AWS v4 signatures for S3 compat...

author Matthew N. Heler <matthew.heler@hotmail.com>

Mon, 29 Sep 2025 20:37:32 +0000 (15:37 -0500)

committer Matthew N. Heler <matthew.heler@hotmail.com>

Mon, 29 Sep 2025 20:39:59 +0000 (15:39 -0500)
author Matthew N. Heler <matthew.heler@hotmail.com>
Mon, 29 Sep 2025 20:37:32 +0000 (15:37 -0500)
committer Matthew N. Heler <matthew.heler@hotmail.com>
Mon, 29 Sep 2025 20:39:59 +0000 (15:39 -0500)
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc

index 3cff2110cab196ce3c7f0f1d24241b5873b388ba..ab969dac29d63d616f5124e16b5f5b407d19723f 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -6368,7 +6368,11 @@ AWSSignerV4::prepare(const DoutPrefixProvider *dpp,
    if (opt_content) {
      content_hash = rgw::auth::s3::calc_v4_payload_hash(opt_content->to_str());
      extra_headers["x-amz-content-sha256"] = content_hash;
-
+  } else {
+    /* Some S3-compatible services require x-amz-content-sha256 header to always
+     * be present and included in the signature, even for unsigned payload.
+     * AWS S3 specification states that this header is required for all requests. */
+    extra_headers["x-amz-content-sha256"] = AWS4_UNSIGNED_PAYLOAD_HASH;
    }
  
    /* craft canonical headers */
author	Matthew N. Heler <matthew.heler@hotmail.com>
	Mon, 29 Sep 2025 20:37:32 +0000 (15:37 -0500)
committer	Matthew N. Heler <matthew.heler@hotmail.com>
	Mon, 29 Sep 2025 20:39:59 +0000 (15:39 -0500)