Gravatar for arthur.north@avanade.com

Question by ArthurN, Apr 23, 2019 6:55 PM

Push Source AWS There were headers present in the request which were not signed

We have a Coveo Cloud org that around April 10th 2019 started throwing errors when uploading files to AWS drop locations generated by Coveo for a push source:

"<Code>AccessDenied</Code><Message>There were headers present in the request which were not signed</Message><HeadersNotSigned>x-amz-server-side-encryption</HeadersNotSigned>"

Debugging the issue locally I can see that the API "https://push.cloud.coveo.com/v1/organizations/{orgid}" is returning a success code in generating an upload location requiring encryption AES256 which when we attempt to upload a package with a parameter of "{x-amz-server-side-encryption=AES256}" it returns the above error.

We have made no code changes to this area of the application in well over 4 months. Is there some new requirement to utilize the AWS blob storage locations created by Coveo? Were these urls presigned previously?

Gravatar for amoreau@coveo.com

Comment by amoreau, Apr 23, 2019 7:29 PM

Hey Arthur,

Are you using the headers Coveo returns when pushing your content to AWS? In the response to /organizations/{orgid}/files, you should have a "requiredHeaders" value, containing the headers you should use to push your data. Typically, this should be:

{
    "x-amz-server-side-encryption": "AES256",
    "Content-Type": "application/octet-stream"
}

You can find more information about this call here: https://platform.cloud.coveo.com/docs?api=PushApi#!/File32Container/post_organizations_organizationId_files

0 Reply
Ask a question