Fix ranged GET signing failure with Cloudflare R2

w4nderlust · w4nderlust · commit e32c5782fc4e · 2026-04-06T22:23:37.000-07:00
GetObjectRange (and other body-less commands like DeleteObject,
AbortMultipartUpload, etc.) were getting content-length and content-type
headers included in the signed request. For commands with no body these
headers are empty/meaningless, but they still end up in the canonical
request signature. Cloudflare R2 rejects the resulting signature
(SignatureDoesNotMatch), while AWS S3 happens to tolerate it.

Added a `has_body()` helper on Command that returns true only for
commands that actually serialize request content (PutObject, UploadPart,
CompleteMultipartUpload, etc.). The header insertion in request_trait.rs
now checks `has_body()` instead of matching on the HTTP verb, which
avoids signing empty headers for any current or future body-less command.
diff --git a/s3/src/command.rs b/s3/src/command.rs
@@ -211,6 +211,21 @@ impl<'a> Command<'a> {
         }
     }
 
+    /// Whether this command carries a request body that should be reflected
+    /// in `Content-Length` and `Content-Type` headers during signing.
+    pub fn has_body(&self) -> bool {
+        matches!(
+            self,
+            Command::PutObject { .. }
+                | Command::PutObjectTagging { .. }
+                | Command::UploadPart { .. }
+                | Command::CompleteMultipartUpload { .. }
+                | Command::CreateBucket { .. }
+                | Command::PutBucketLifecycle { .. }
+                | Command::PutBucketCors { .. }
+        )
+    }
+
     pub fn content_length(&self) -> Result<usize, S3Error> {
         let result = match &self {
             Command::CopyObject { from: _ } => 0,
diff --git a/s3/src/request/request_trait.rs b/s3/src/request/request_trait.rs
@@ -11,7 +11,7 @@ use url::Url;
 
 use crate::LONG_DATETIME;
 use crate::bucket::Bucket;
-use crate::command::Command;
+use crate::command::{Command, HttpMethod};
 use crate::error::S3Error;
 use crate::signing;
 use bytes::Bytes;
@@ -700,16 +700,17 @@ pub trait Request {
 
         headers.insert(HOST, host_header.parse()?);
 
-        match self.command() {
-            Command::CopyObject { from } => {
-                headers.insert(HeaderName::from_static("x-amz-copy-source"), from.parse()?);
-            }
-            Command::ListObjects { .. } => {}
-            Command::ListObjectsV2 { .. } => {}
-            Command::GetObject => {}
-            Command::GetObjectTagging => {}
-            Command::GetBucketLocation => {}
-            Command::ListBuckets => {}
+        if let Command::CopyObject { from } = self.command() {
+            headers.insert(HeaderName::from_static("x-amz-copy-source"), from.parse()?);
+        }
+
+        // Only include content-length and content-type for methods that carry
+        // a request body. GET and HEAD requests must not have these headers in
+        // the signed request, otherwise providers like Cloudflare R2 reject
+        // the signature (the empty content-length value corrupts the canonical
+        // request).
+        match self.command().http_verb() {
+            HttpMethod::Get | HttpMethod::Head => {}
             _ => {
                 headers.insert(
                     CONTENT_LENGTH,
