Fix CloudFront signer RFC5987 support

[realies]

url.parse(someUrl, true) in combination with nulling its search property has a side-effect when re-encoding using url.format.

aws-sdk-js/lib/cloudfront/signer.js

Line 183 in 821e9a1

var parsedUrl = url.parse(options.url, true),

aws-sdk-js/lib/cloudfront/signer.js

Line 188 in 821e9a1

parsedUrl.search = null;

It causes URL queries existing before the signing process to get re-encoded improperly during the url.format stage here:

aws-sdk-js/lib/cloudfront/signer.js

Lines 197 to 198 in 821e9a1

	? getRtmpUrl(url.format(parsedUrl))
	: url.format(parsedUrl);

This breaks the usage of some special characters in URL queries, even when they have been properly URL encoded. One example is setting the filename in a specific charset using the response-content-disposition query field. For example, the response-content-disposition query value (RFC5987 examples) may contain:

attachment%3Bfilename%2A%3DUTF-8%27%27abc%2520def.mp4

Although the current functionality returns a signed URL that has the query value formatted as:

attachment%3Bfilename*%3DUTF-8''abc%2520def.mp4

This invalidates the generated signature and CloudFront replies with:

<Error>
<Code>AccessDenied</Code>
<Message>Access denied</Message>
</Error>

To replicate the issue in isolation:

> var u = url.parse('https://asdf.cloudfront.net/932e9e5d-cbdf-4c73-a3dc-e07758bd3adb?response-content-disposition=attachment%3Bfilename%2A%3DUTF-8%27%27abc%2520def.mp4', true)
> url.format(u)
'https://asdf.cloudfront.net/932e9e5d-cbdf-4c73-a3dc-e07758bd3adb?response-content-disposition=attachment%3Bfilename%2A%3DUTF-8%27%27abc%2520def.mp4'
> u.search=null
> url.format(u)
"https://asdf.cloudfront.net/932e9e5d-cbdf-4c73-a3dc-e07758bd3adb?response-content-disposition=attachment%3Bfilename*%3DUTF-8''abc%2520def.mp4"

The example input URL query works fine in aws-sdk-php and boto3.

Fixes #2952.

[aws-sdk-js-automation]

AWS CodeBuild CI Report

• CodeBuild project: sdk-v2-github
• Commit ID: c4cec7c
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[realies]

@ajredniwja @AllanZhengYP could you please review this and potentially release it?

[realies]

@ajredniwja @AllanZhengYP this is more than a year old now

[github-actions]

Greetings! We’re closing this issue because it has been open a long time and hasn’t been updated in a while and may not be getting the attention it deserves. We encourage you to check if this is still an issue in the latest release and if you find that this is still a problem, please feel free to comment or open a new issue.

[realies]

review it

[kellertk]

Thank you for your efforts, but this project is no longer accepting contributions as part of our plan to end support for AWS SDK for JavaScript v2. This method is overridable in your own code at runtime, if you prefer.