From: Matthew N. Heler <matthew.heler@hotmail.com>
Date: Mon, 29 Sep 2025 20:37:32 +0000 (-0500)
Subject: rgw/s3: Always include x-amz-content-sha256 header in AWS v4 signatures for S3 compat... 
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=4429c7b875f02b53ea646762f8078c912b17dc57;p=ceph.git

rgw/s3: Always include x-amz-content-sha256 header in AWS v4 signatures for S3 compatibility

Signed-off-by: Matthew N. Heler <matthew.heler@hotmail.com>
---

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 3cff2110cab1..ab969dac29d6 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -6368,7 +6368,11 @@ AWSSignerV4::prepare(const DoutPrefixProvider *dpp,
   if (opt_content) {
     content_hash = rgw::auth::s3::calc_v4_payload_hash(opt_content->to_str());
     extra_headers["x-amz-content-sha256"] = content_hash;
-
+  } else {
+    /* Some S3-compatible services require x-amz-content-sha256 header to always
+     * be present and included in the signature, even for unsigned payload.
+     * AWS S3 specification states that this header is required for all requests. */
+    extra_headers["x-amz-content-sha256"] = AWS4_UNSIGNED_PAYLOAD_HASH;
   }
 
   /* craft canonical headers */