Project

Profile

Help

Issue #9595

closed

HEAD requests on the artefacts from S3 storage recieve 403

Added by ipanova@redhat.com about 1 year ago. Updated about 1 year ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Category:
-
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 111
Quarter:

Description

(pulp) [vagrant@pulp3-source-fedora34 _scripts]$ http  https://pulp3-source-fedora34.fluffy.example.com/pulp/api/v3/distributions/file/file/9034d885-babb-4d19-81b3-091bd9f63a7f/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Correlation-ID
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Connection: keep-alive
Content-Length: 398
Content-Type: application/json
Correlation-ID: c5d10e5eaf7c40518b04130e3a2b22d3
Date: Wed, 01 Dec 2021 12:41:05 GMT
Referrer-Policy: same-origin
Server: nginx/1.20.1
Strict-Transport-Security: max-age=15768000
Vary: Accept, Cookie
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

{
    "base_path": "vewtf",
    "base_url": "https://pulp3-source-fedora34.fluffy.example.com/pulp/content/vewtf/",
    "content_guard": null,
    "name": "cizwr",
    "publication": "/pulp/api/v3/publications/file/file/10c34224-83ff-40b5-a47e-1453a13cbc88/",
    "pulp_created": "2021-12-01T12:34:22.111939Z",
    "pulp_href": "/pulp/api/v3/distributions/file/file/9034d885-babb-4d19-81b3-091bd9f63a7f/",
    "pulp_labels": {},
    "repository": null
}


(pulp) [vagrant@pulp3-source-fedora34 _scripts]$ http https://pulp3-source-fedora34.fluffy.example.com/pulp/content/vewtf/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 343
Content-Type: text/html; charset=utf-8
Date: Wed, 01 Dec 2021 12:41:14 GMT
Server: nginx/1.20.1
Strict-Transport-Security: max-age=15768000
X-PULP-CACHE: HIT

        <!DOCTYPE html>
        <html>
            <body>
                <ul>
                
                    <li><a href="PULP_MANIFEST">PULP_MANIFEST</a></li>
                
                    <li><a href="test_upload.txt">test_upload.txt</a></li>
                
                </ul>
            </body>
        </html>
        


(pulp) [vagrant@pulp3-source-fedora34 _scripts]$ http --follow HEAD https://pulp3-source-fedora34.fluffy.example.com/pulp/content/vewtf/test_upload.txt
HTTP/1.1 403 Forbidden
Accept-Ranges: bytes
Content-Length: 0
Content-Security-Policy: block-all-mixed-content
Date: Wed, 01 Dec 2021 12:41:20 GMT
Server: MinIO
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 16BCA1FED0CD6B9E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block



(pulp) [vagrant@pulp3-source-fedora34 _scripts]$ http --follow GET https://pulp3-source-fedora34.fluffy.example.com/pulp/content/vewtf/test_upload.txt
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Disposition: attachment;filename=test_upload.txt
Content-Length: 11
Content-Security-Policy: block-all-mixed-content
Content-Type: text/plain
Date: Wed, 01 Dec 2021 12:41:28 GMT
ETag: "eef16594e73fc257de8125c7f1727a95"
Last-Modified: Wed, 01 Dec 2021 12:34:12 GMT
Server: MinIO
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Amz-Request-Id: 16BCA200B53E2618
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

rzwdbspfbe


(pulp) [vagrant@pulp3-source-fedora34 _scripts]$ 

Presigned URLs allow one type of HTTP request method, which is defined at their creation time. By default, Boto3 creates presigned URLs that permit only the HTTP GET method however, the request method can be specified. This is exposed in django-storages S3Boto3Storage.url as http_method.


Related issues

Copied from Container Support - Issue #9586: Container clients fail to retrieve artefacts from S3 storageCLOSED - CURRENTRELEASEActions

Also available in: Atom PDF