Hi @jmj, I’m using the same code as shared in this post, except that:
// Add parameters in the correct order
canonicalQueryString.WriteString(fmt.Sprintf("X-Amz-Algorithm=%s", algorithm))
canonicalQueryString.WriteString(fmt.Sprintf("&X-Amz-Credential=%s", credential.String()))
canonicalQueryString.WriteString(fmt.Sprintf("&X-Amz-Date=%s", dateTime))
canonicalQueryString.WriteString(fmt.Sprintf("&X-Amz-Expires=%d", int(p.Expiration.Seconds())))
canonicalQueryString.WriteString("&X-Amz-SignedHeaders=content-type;host")
// Build host and canonical headers
var canonicalHeaders strings.Builder
canonicalHeaders.WriteString(fmt.Sprintf("content-type:%s", mime))
canonicalHeaders.WriteByte('\n')
canonicalHeaders.WriteString(fmt.Sprintf("host:%s", p.Endpoint))
canonicalHeaders.WriteByte('\n')
// Build canonical request
var canonicalRequest strings.Builder
canonicalRequest.WriteString(p.Method)
canonicalRequest.WriteByte('\n')
canonicalRequest.WriteString(canonicalURI.String())
canonicalRequest.WriteByte('\n')
canonicalRequest.WriteString(canonicalQueryString.String())
canonicalRequest.WriteByte('\n')
canonicalRequest.WriteString(canonicalHeaders.String())
canonicalRequest.WriteByte('\n')
canonicalRequest.WriteString("content-type;host")
canonicalRequest.WriteByte('\n')
canonicalRequest.WriteString("UNSIGNED-PAYLOAD")
The client then generates the following url:
https://test.sessions.pinggg.cloud/7s8g5fgphySq7gc07POSts74eDDfoO77q61BcJUQOCCA/shares/1.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=tid_mNpmYFuMLHfstgsbJEnjDXQLjRSgqXlznLCJdlY_ZIhereWHco%2F20250627%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20250627T180046Z&X-Amz-Expires=15&X-Amz-SignedHeaders=content-type;host&X-Amz-Signature=e58ac8dc263db97f06795cc46ac5fa0bb1aaeb2952b1eb66f8beb7ef7a5139fc
But during upload I get the message (400 Bad Request
):
<Error>
<Code>AuthorizationQueryParametersError</Code>
<Message>Query-string authentication version 4 requires the X-Amz-Algorithm, X-Amz-Credential, X-Amz-Signature, X-Amz-Date, X-Amz-SignedHeaders, and X-Amz-Expires parameters.</Message>
<Resource>/7s8g5fgphySq7gc07POSts74eDDfoO77q61BcJUQOCCA/shares/1.png</Resource>
<RequestId>1751047264049587309</RequestId>
<Key>7s8g5fgphySq7gc07POSts74eDDfoO77q61BcJUQOCCA/shares/1.png</Key>
<BucketName>test.sessions.pinggg.cloud</BucketName>
</Error>
When I don’t include the content type in the signing process then it works fine.
For now I leave out the content type… and put my focus back on building my product