Skip to content

Fix AWS SigV4 compatibility with Supabase Storage S3 #498

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix AWS SigV4 compatibility with Supabase Storage S3 #498

wants to merge 1 commit into from

Conversation

meeq
Copy link

@meeq meeq commented Aug 2, 2025
edited
Loading

The AWS SigV4 documentation states:

The CanonicalHeaders list must include the following:

  • HTTP host header.
  • If the Content-MD5 header is present in the request, you must add it to the CanonicalHeaders list.
  • Any x-amz-* headers that you plan to include in your request must also be added. For example, if you are using temporary security credentials, you need to include x-amz-security-token in your request. You must add this header in the list of CanonicalHeaders.

Supabase Storage explicitly forbids certain headers from being included in the signature, so this patch pares down the canonical headers to a more broadly-supported subset.

For reference, botocore (the underlying library that powers the canonical aws-cli tool) only signs "interesting" headers, and omits the rest, so this change should not break compatibility.

Related to wojtekmach/req_s3#22

@meeq
Filter AWS SigV4 canonical headers
6ebe849 
Fixes compatibility with Supabase Storage S3
@meeq meeq mentioned this pull request Aug 2, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@meeq