|
@@ -233,9 +233,19 @@ func buildCanonicalRequest(r *http.Request, body []byte, signedHeaders []string)
|
|
|
// Signed headers
|
|
// Signed headers
|
|
|
signedHeadersStr := strings.Join(signedHeaders, ";")
|
|
signedHeadersStr := strings.Join(signedHeaders, ";")
|
|
|
|
|
|
|
|
- // Payload hash - THIS IS THE KEY FIX
|
|
|
|
|
- // Use the actual body bytes passed in, not an empty body
|
|
|
|
|
- payloadHash := sha256Hash(body)
|
|
|
|
|
|
|
+ // Payload hash - Check if client sent UNSIGNED-PAYLOAD
|
|
|
|
|
+ var payloadHash string
|
|
|
|
|
+ amzContentSha256 := r.Header.Get("X-Amz-Content-SHA256")
|
|
|
|
|
+ if amzContentSha256 == "UNSIGNED-PAYLOAD" {
|
|
|
|
|
+ // Use the literal string for streaming/multipart uploads
|
|
|
|
|
+ payloadHash = "UNSIGNED-PAYLOAD"
|
|
|
|
|
+ } else if amzContentSha256 != "" {
|
|
|
|
|
+ // Use the hash provided by the client
|
|
|
|
|
+ payloadHash = amzContentSha256
|
|
|
|
|
+ } else {
|
|
|
|
|
+ // Calculate hash from the actual body
|
|
|
|
|
+ payloadHash = sha256Hash(body)
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
canonicalRequest := fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s",
|
|
canonicalRequest := fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s",
|
|
|
method,
|
|
method,
|
Alan Yeung