{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 该账号已被封号 的问题《Do not propagate headers on HTTP redirects》','https://www.manongdao.com/q-1247977.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have files hosted on Amazon S3, and I'd like to download them after a treatment in my app. This app view requires the HTTP Authorization header to proceed. Here is the process:
- Query view
/file/xxxwith the requiredAuthorizationrequest header - If the app access is granted, does some treatment
- Generate a signed S3 url, and redirect to it
The fact is that the request header is also propagated on the redirect, and is in conflict with Amazon's S3 signature, I have the following error message:
Either the Signature query string parameter or the Authorization header should be specified, not both
So, is there a way to not propagate the Authorization header to S3 ?
Note that I have tested all 3xx HTTP codes. Thanks in advance.
It may depend on your client, for example see: https://code.google.com/p/go/issues/detail?id=4800
It appears curl won't carry over your Authorization header by default. But I'm dealing with a similar issue and I see that by default http components appears to carry it.
Is your S3 file path on the same domain as your
/file/xxx? That would explain why the Authorization header is being sent, presumably. If you have your S3 hosted on a different domain to the app view, then I would assume the Authorization header would not be sent to the S3 domain (as HTTP Authorization is per-domain).