Do Not Distribute Headers When Redirecting HTTP

Question

Do Not Distribute Headers When Redirecting HTTP

I have files hosted on Amazon S3 and I want to upload them after processing in my application. To view this application, an HTTP authorization header is required. Here is the process:

View request /file/xxx with required Authorization header
If access to the application is granted, some treatment is performed.
Create a signed S3 URL and redirect it

The fact is that the request header is also being redirected and is in conflict with the Amazon S3 signature, I have the following error message:

You must specify either a string parameter of the signature line or an authorization header, and not both

So, is there a way to not extend the Authorization header to S3?

Please note that I tested all 3xx HTTP codes. Thanks in advance.

+6

redirect http django http-headers amazon-s3

Leo Oct 31 '12 at 14:01

source share

2 answers

Jeff damick · Answer 1 · 2013-11-07T21:54:11+0000

This may depend on your client, for example: https://code.google.com/p/go/issues/detail?id=4800

It seems that curl will not wrap your authorization header by default. But I am dealing with a similar problem, and I see that by default the http components seem to carry it.

M somerville · Answer 2 · 2012-11-14T15:57:13+0000

Is your S3 file path in the same domain as your /file/xxx ? This explains why the authorization header is apparently being sent. If you have your S3 hosted in a different domain in the application view, I would suggest that the authorization header will not be sent to the S3 domain (since HTTP authorization is for the domain).

Do Not Distribute Headers When Redirecting HTTP

More articles: