S3 getSignedUrl with SSE-C #6978
Description
Describe the bug
Hi,
we use a server side encryption with customer key for files stored on S3.
I generate a pre-signed url with getSignedUrl of @aws-sdk/s3-request-presigner with this code on server:
params = {
Bucket: MyBucket,
Key: filename,
SSECustomerAlgorithm: 'AES256',
};
const url = await getSignedUrlS3(s3, new GetObjectCommand(params), {
expiresIn: SIGNED_URL_DEFAULT_EXPIRES,
});
I don't put SSECustomerKey & SSECustomerKeyMD5 on pre-signed request parameters to follow these issue
Then, on client-side, i use the pre-signed url to fetch file on S3 with those headers:
'x-amz-server-side-encryption-customer-algorithm': 'AES256',
'x-amz-server-side-encryption-customer-key': encryptionKey,
'x-amz-server-side-encryption-customer-key-MD5': crypto.createHash('md5')
.update(encryptionKey)
.digest('base64'),
I still have the error:
<Error>
<Code>
AccessDenied
</Code>
<Message>
There were headers present in the request which were not signed
</Message>
<HeadersNotSigned>
x-amz-server-side-encryption
</HeadersNotSigned>
<RequestId>
PC29AFXRZYW6EWD3
</RequestId>
<HostId>
XtHTRmeLlgkKb6lE9qpPM846LEVyvej9SMJeRSKD908YSqeyHHnQ1qni3NqkRozcNlCcNVZXTdvNNCXC/xq/Ojg9wW6cf/mn
</HostId>
</Error>
If i try to send key & md5 hash on presigned request, i get the SignatureDoesNotMatch error !
I precise that the key and md5 hash are correct because i can get the file correctly when i fetch the file from server.
Thanks
"@aws-sdk/client-s3": "^3.470.0",
"@aws-sdk/s3-request-presigner": "^3.758.0",
```
### Regression Issue
- [ ] Select this option if this issue appears to be a regression.
### Expected Behavior
Fetch the file correctly on client-side with SSE-C
### Current Behavior
I got access denied on client-side but ok on server side
### Reproduction Steps
Use SSE-C on file with pre-signed url, fetched on client-side
### Possible Solution
_No response_
### Additional Information/Context
_No response_
### SDK version used
3.758.0
### Environment details (OS name and version, etc.)
NodeJS / React