Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[cloudflare r2] S3 default integrity change #1845

Open
it-can opened this issue Jan 16, 2025 · 1 comment
Open

[cloudflare r2] S3 default integrity change #1845

it-can opened this issue Jan 16, 2025 · 1 comment

Comments

@it-can
Copy link

it-can commented Jan 16, 2025
edited
Loading

Feature Request

Q A
Flysystem Version 3.29.1
Adapter Name flysystem-aws-s3-v3
Adapter version 3.29.0

Scenario / Use-case

Latest version of aws/aws-sdk-php 3.337.0, there is a change in S3 default integrity change described here aws/aws-sdk-php#3062

After updating to the latest aws-sdk-php Cloudflare R2 doesn't work anymore and generating this error:
error: NotImplemented: Header ‘x-amz-checksum-crc32’ with value ‘Cu/HOQ==’ not implemented

resulting in files not being uploaded. I know this is a Cloudflare issue, but would it be possible to disable the new config option somewhere within the flysystem-aws-s3-v3 adapter settings?

You can disable default integrity protections for S3. We do not recommend this because checksums are important to S3 integrity posture. Integrity protections can be disabled by setting the config flag to WHEN_REQUIRED, or by using the related AWS shared config file settings or environment variables.

there is also an issue reported on the cloudflare community here: https://community.cloudflare.com/t/aws-sdk-client-s3-v3-729-0-breaks-uploadpart-and-putobject-r2-s3-api-compatibility/758637

I don't know when or if Cloudflare is going to fix this issue.

The current workaround now is downgrading aws-sdk-php in composer.json

"aws/aws-sdk-php": "3.336.15"
@it-can it-can changed the title S3 default integrity change [cloudflare r2] S3 default integrity change Jan 16, 2025
@it-can
Copy link
Author

it-can commented Jan 17, 2025
edited
Loading

Update by cloudflare:

https://developers.cloudflare.com/r2/examples/aws/aws-sdk-php/

Compatibility

Client version 3.337.0 introduced a modification to the default checksum behavior from the client that is currently incompatible with R2 APIs.

To mitigate, users can use 3.336.15 or add the following to their $options:

'request_checksum_calculation' => 'when_required',
'response_checksum_validation' => 'when_required'

WORKAROUND Laravel:

config/filesystem.php

'r2' => [
            'driver' => 's3',
            'key' => env('R2_ACCESS_KEY_ID'),
            'secret' => env('R2_SECRET_ACCESS_KEY'),
            'region' => env('R2_DEFAULT_REGION'),
            'bucket' => env('R2_BUCKET'),
            'url' => env('R2_URL'),
            'endpoint' => env('R2_ENDPOINT'),
            'use_path_style_endpoint' => env('R2_USE_PATH_STYLE_ENDPOINT', false),
            'visibility' => 'private',
            'throw' => false,
            'options' => [
                'StorageClass' => 'STANDARD',
            ],
            'request_checksum_calculation' => 'when_required',
            'response_checksum_validation' => 'when_required',
        ],

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@it-can