Checking S3 compatibility for MIME types for presigned POST urls

hakoptak · June 27, 2025, 7:32pm

Hi @jmj, I’m using the same code as shared in this post, except that:

// Add parameters in the correct order
canonicalQueryString.WriteString(fmt.Sprintf("X-Amz-Algorithm=%s", algorithm))
canonicalQueryString.WriteString(fmt.Sprintf("&X-Amz-Credential=%s", credential.String()))
canonicalQueryString.WriteString(fmt.Sprintf("&X-Amz-Date=%s", dateTime))
canonicalQueryString.WriteString(fmt.Sprintf("&X-Amz-Expires=%d", int(p.Expiration.Seconds())))
canonicalQueryString.WriteString("&X-Amz-SignedHeaders=content-type;host")

// Build host and canonical headers
var canonicalHeaders strings.Builder

canonicalHeaders.WriteString(fmt.Sprintf("content-type:%s", mime))
canonicalHeaders.WriteByte('\n')
canonicalHeaders.WriteString(fmt.Sprintf("host:%s", p.Endpoint))
canonicalHeaders.WriteByte('\n')

// Build canonical request
var canonicalRequest strings.Builder

canonicalRequest.WriteString(p.Method)
canonicalRequest.WriteByte('\n')
canonicalRequest.WriteString(canonicalURI.String())
canonicalRequest.WriteByte('\n')
canonicalRequest.WriteString(canonicalQueryString.String())
canonicalRequest.WriteByte('\n')
canonicalRequest.WriteString(canonicalHeaders.String())
canonicalRequest.WriteByte('\n')
canonicalRequest.WriteString("content-type;host")
canonicalRequest.WriteByte('\n')
canonicalRequest.WriteString("UNSIGNED-PAYLOAD")

The client then generates the following url:

https://test.sessions.pinggg.cloud/7s8g5fgphySq7gc07POSts74eDDfoO77q61BcJUQOCCA/shares/1.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=tid_mNpmYFuMLHfstgsbJEnjDXQLjRSgqXlznLCJdlY_ZIhereWHco%2F20250627%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20250627T180046Z&X-Amz-Expires=15&X-Amz-SignedHeaders=content-type;host&X-Amz-Signature=e58ac8dc263db97f06795cc46ac5fa0bb1aaeb2952b1eb66f8beb7ef7a5139fc

But during upload I get the message (400 Bad Request):

<Error>
<Code>AuthorizationQueryParametersError</Code>
<Message>Query-string authentication version 4 requires the X-Amz-Algorithm, X-Amz-Credential, X-Amz-Signature, X-Amz-Date, X-Amz-SignedHeaders, and X-Amz-Expires parameters.</Message>
<Resource>/7s8g5fgphySq7gc07POSts74eDDfoO77q61BcJUQOCCA/shares/1.png</Resource>
<RequestId>1751047264049587309</RequestId>
<Key>7s8g5fgphySq7gc07POSts74eDDfoO77q61BcJUQOCCA/shares/1.png</Key>
<BucketName>test.sessions.pinggg.cloud</BucketName>
</Error>

When I don’t include the content type in the signing process then it works fine.

For now I leave out the content type… and put my focus back on building my product

Topic		Replies	Views
Confused by presigned (multipart) upload url messages tigris	6	80	February 22, 2025
Multipart presigned url 'signature not matching' message tigris	2	72	January 18, 2025
Changing a Tigris key's MIME type Questions / Help storage , tigris	8	74	September 14, 2024
SignatureDoesNotMatch when using pre-signed URL with AWS-SDK storage , tigris	2	265	January 26, 2025
Support for multipart presigned urls storage , tigris	2	39	June 23, 2025

Checking S3 compatibility for MIME types for presigned POST urls

Related topics