Ceph: PUTs requests to an RGW with pre-signed URLs (CORS) fail (403 response) after upgrading to RHCS 7.x.

Solution Verified - Updated -

Issue

PUTs requests to an RGW with pre-signed URLs (CORS) fail (403 response) after upgrading to RHCS 7.x.

After upgrading to 17.2.7 we have some users complaining that they can no longer do PUTs with pre-signed URLs. They are receiving messages like "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."

Command with a pre-signed URL will fail with a 403 response:

Region us-east-1
Without ACL
https://endpoint/bucket/foo.png?AWSAccessKeyId=UFK4WVCRL8XHSMQERIGJ&Signature=tvGiXAca%2B6m8y5YDbDSPY1akqlI%3D&Expires=1706902836
403
With ACL
https://endpoint/bucket/foo.png?AWSAccessKeyId=UFK4WVCRL8XHSMQERIGJ&Signature=3pYkXrAajuOFYbTqhq3TY7YcioE%3D&x-amz-acl=private&Expires=1706902837
403
Region us-east-2
Without ACL
https://endpoint/bucket/foo.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UFK4WVCRL8XHSMQERIGJ%2F20240202%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20240202T193037Z&X-Amz-Expires=600&X-Amz-SignedHeaders=host&X-Amz-Signature=a1e723930c116fc45244adf9f2e629b2c5b989480a37eb31b0be38c980dbfc1e
200
With ACL
https://endpoint/bucket/foo.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UFK4WVCRL8XHSMQERIGJ%2F20240202%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20240202T193037Z&X-Amz-Expires=600&X-Amz-SignedHeaders=host%3Bx-amz-acl&X-Amz-Signature=cd514a13b7e0327679ec0d3a53e122f8125f3b8c6a35b3851c40b4f0b65058e5
403

Environment

Red Hat Ceph Storage (RHCS) 7.x
Ceph Rados Gateway (RGW)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content