From: Jonathan Suever <653357+suever@users.noreply.github.com>
Date: Fri, 14 Nov 2025 22:36:06 +0000 (-0500)
Subject: rgw: Remove invalid Content-Type header RGW OIDC discovery requests
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=1cbca1dbdce5fd1b7dc93c270b29f5c33144b62f;p=ceph-ci.git

rgw: Remove invalid Content-Type header RGW OIDC discovery requests

RGW sends OIDC discovery and JWKS requests with an incorrect application/x-www-form-urlencoded Content-Type header, causing 415 (Unsupported Media Type) responses from some identity providers including AWS EKS. This PR removes this header for the GET requests as it was a hold-over from a previous change where the endpoint was previously an HTTP POST https://github.com/ceph/ceph/commit/7566664f89be062e0c9f3519dc60b94c8af5e2a4 and was carried through to the current implementation https://github.com/ceph/ceph/commit/803570cd4f7ffbb3d7a329b0b9450748b3ca335d

Fixes: https://tracker.ceph.com/issues/73877
Signed-off-by: Jonathan Suever <suever@gmail.com>
---

diff --git a/src/rgw/rgw_rest_sts.cc b/src/rgw/rgw_rest_sts.cc
index e2d16d56988..5a211302cbf 100644
--- a/src/rgw/rgw_rest_sts.cc
+++ b/src/rgw/rgw_rest_sts.cc
@@ -313,9 +313,6 @@ WebTokenEngine::get_cert_url(const string& iss, const DoutPrefixProvider *dpp, o
 
   RGWHTTPTransceiver openidc_req(cct, "GET", openidc_wellknown_url, &openidc_resp);
 
-  //Headers
-  openidc_req.append_header("Content-Type", "application/x-www-form-urlencoded");
-
   int res = openidc_req.process(dpp, y);
   if (res < 0) {
     ldpp_dout(dpp, 10) << "HTTP request res: " << res << dendl;
@@ -620,8 +617,6 @@ WebTokenEngine::validate_signature(const DoutPrefixProvider* dpp, const jwt::dec
     // Get certificate
     bufferlist cert_resp;
     RGWHTTPTransceiver cert_req(cct, "GET", cert_url, &cert_resp);
-    //Headers
-    cert_req.append_header("Content-Type", "application/x-www-form-urlencoded");
 
     int res = cert_req.process(dpp, y);
     if (res < 0) {