Closed
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
Sending a PUT request to a pre-signed URL succeeds when the Content-MD5 parameter/header value does not match the MD5 hash of the request content received.
It works as expected when using PROVIDER_OVERRIDE_S3: legacy though.
Expected Behavior
The request should fail because the MD5 hash of the content does not match the expected Content-MD5 hash.
How are you starting LocalStack?
With a docker-compose file
Steps To Reproduce
import AWS from 'aws-sdk'; // AWS SDK for JavaScript v2
import assert from 'node:assert';

// Run as an ES module (top-level await); fetch is global in Node 18+.
const s3 = new AWS.S3({
  endpoint: 'http://localhost:4566',
  signatureVersion: 'v4', // Required for the presigned URL functionality with extra headers
  s3ForcePathStyle: true, // Do not use custom domains
});
const body = '123456';
const invalidBodyMd5AsBase64 = '123456';
const url = await s3.getSignedUrlPromise('putObject', {
  Bucket: 'test-bucket',
  Key: 'test-file',
  Expires: 3600,
  ContentMD5: invalidBodyMd5AsBase64, // Adds 'Content-MD5' parameter in query string
});
const result = await fetch(url, {
  method: 'PUT',
  body: body,
  headers: {
    'Content-Type': 'text/plain',
    'Accept': 'application/json',
    'Content-MD5': invalidBodyMd5AsBase64, // This is required, otherwise AWS refuses to accept the request
  },
});
assert(result.ok); // This should fail as the request should be denied because of mismatching Content-MD5 hash
Environment
- OS: MacOS 13.5
- LocalStack: 2.1.0
Anything else?
No response
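
The integrity check this issue expects on the PUT, as an added example that is not part of the original issue and is not LocalStack's code. The function names and return shape are hypothetical; the codes `InvalidDigest` and `BadDigest` are S3's error codes for a malformed and a mismatching Content-MD5, and requiring canonical, padded base64 is an assumption of this sketch.

```javascript
const crypto = require('node:crypto');

// Base64-encoded MD5 digest of the body: the value a client should send
// as Content-MD5 (and sign into the pre-signed URL).
function contentMd5(body) {
  return crypto.createHash('md5').update(body).digest('base64');
}

// Hypothetical server-side check, run on the bytes actually received.
// Returns { ok, code }, where code names the S3 error to respond with.
function verifyContentMd5(headerValue, body) {
  if (headerValue === undefined || headerValue === null) {
    return { ok: true, code: null }; // no header sent: nothing to verify
  }
  const claimed = Buffer.from(headerValue, 'base64');
  // A well-formed value is the canonical base64 of exactly 16 bytes.
  // Buffer.from() silently skips invalid characters, so re-encode and compare.
  if (claimed.length !== 16 || claimed.toString('base64') !== headerValue) {
    return { ok: false, code: 'InvalidDigest' };
  }
  const actual = crypto.createHash('md5').update(body).digest();
  // Both buffers are 16 bytes here, as timingSafeEqual requires.
  if (!crypto.timingSafeEqual(claimed, actual)) {
    return { ok: false, code: 'BadDigest' };
  }
  return { ok: true, code: null };
}

// Constructed inputs: the issue's body and header value, plus a
// well-formed digest of a different body.
const sampleBody = '123456';
const cases = {
  issueValue: verifyContentMd5('123456', sampleBody),
  wrongDigest: verifyContentMd5(contentMd5('something else'), sampleBody),
  rightDigest: verifyContentMd5(contentMd5(sampleBody), sampleBody),
};
console.log(cases);
```

In this sketch the issue's header value `'123456'` is rejected as `InvalidDigest` rather than `BadDigest`, because it decodes to 4 bytes instead of a 16-byte MD5 digest; a regression test for the mismatch path needs a well-formed digest of different content.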