Amplify-js: Bad signature for special characters *!() in query string

Created on 15 Dec 2018 · 7 Comments · Source: aws-amplify/amplify-js

Describe the bug
A clear and concise description of what the bug is.
API Gateway returns a 403 whenever the query string contains any of these characters: *!()

To Reproduce
Steps to reproduce the behavior:
Make a call to API.get() on an endpoint protected with the AWS_IAM authorization type, passing it the init value similar to the following: {queryStringParameters: {foo: "*"}}

Expected behavior
For the correct signature to be generated, and for the request not to be automatically rejected by API Gateway with a 403.

Desktop (please complete the following information):

  • OS: macOS Mojave 10.14 (18A391)
  • Browser: Chrome 70.0.3538.102 (Official Build) (64-bit)
  • Version: 1.1.17

Additional context
This could be related to RFC 3986, explained here: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent

API bug
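
The encoding gap that the issue's "Additional context" points at, as an added example (not code from the issue or from amplify-js): `encodeURIComponent` leaves `! ' ( ) *` unescaped, while a SigV4 canonical query string percent-encodes everything outside the RFC 3986 unreserved set. The function names and the sample parameters are assumptions made for illustration.

```javascript
// Added example; rfc3986Encode, canonicalQueryString and signingMismatches
// are hypothetical helper names, not amplify-js APIs.

// encodeURIComponent leaves A-Z a-z 0-9 - _ . ~ and also ! ' ( ) * unescaped.
// SigV4 canonical requests keep only the RFC 3986 unreserved set
// (A-Z a-z 0-9 - _ . ~), so ! ' ( ) * must be percent-encoded as well.
function rfc3986Encode(value) {
  return encodeURIComponent(String(value)).replace(
    /[!'()*]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase()
  );
}

// Canonical query string: encode names and values, sort by encoded name
// (ties broken by encoded value), then join as name=value pairs with '&'.
function canonicalQueryString(params, encode) {
  const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);
  return Object.entries(params)
    .map(([k, v]) => [encode(k), encode(String(v))])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(([k, v]) => `${k}=${v}`)
    .join('&');
}

// Names of parameters whose encoding differs between the two encoders.
// Any hit means a signer using plain encodeURIComponent would hash a
// different canonical string than the service computes.
function signingMismatches(params) {
  return Object.entries(params)
    .filter(([k, v]) =>
      encodeURIComponent(k) !== rfc3986Encode(k) ||
      encodeURIComponent(String(v)) !== rfc3986Encode(v))
    .map(([k]) => k);
}

// Constructed sample input; foo: "*" is the value from the reproduction steps.
const sample = { foo: '*', q: "it's (new)!", page: 2, 'a b': 'x~y' };

console.log('encodeURIComponent:', canonicalQueryString(sample, encodeURIComponent));
console.log('RFC 3986 strict:   ', canonicalQueryString(sample, rfc3986Encode));
console.log('differs for:       ', signingMismatches(sample));
```
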

All 7 comments

If it helps, I was able to work around the issue by moving the affected queryStringParameters into a custom header.

Hi, I have the same issue, when I use "*" in a query parameter, I get the error

The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method

This is a big issue, because * is used as a search parameter. Any hint how to solve it?

@silvanaweb - Just curious... where did your logs come from?

First I tried in my website and got a 403 error. Then I tried with the curl command (that I copied from the Network API call in the developer tools of Chrome) in my (Linux-like) terminal and I got that error message.

Thank you, #2631 would fix it!!! :)

@dannymcpherson I see the error in response when calling API Gateway.

To be more precise, response body is something like

{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\n\nThe Canonical String for this request should have been …"}

@silvanaweb @dannymcpherson I merged into master now, I will do more testing on the unstable release before doing a publish.
