Checkboxes for prior research
Describe the bug
Summary
After PR #7237, the CloudFront URL signer has stopped URL-encoding spaces in S3 object keys, causing a breaking change in signed URL generation.
Background
Prior to PR #7237, when signing CloudFront URLs for S3 objects containing spaces in their keys (e.g., "My File.pdf"), the signer would automatically URL-encode the space as %20, producing a valid signed URL like https://example.cloudfront.net/My%20File.pdf?....
Current Behavior
After PR #7237, the CloudFront signer returns unencoded spaces in the URL (e.g., https://example.cloudfront.net/My File.pdf?...), which produces invalid URLs that fail in browsers and HTTP clients.
Expected Behavior
The CloudFront signer should either:
- Automatically URL-encode special characters (including spaces) in object keys, OR
- Clearly document that clients must URL-encode keys before passing them to the signer
Impact
This is a breaking change that affects:
- Existing applications relying on automatic URL encoding
- S3 objects with spaces or special characters in their keys
- Any workflow where user-provided filenames are used as S3 keys
Steps to ### Reproduce
// Example code demonstrating the issue
const signer = new CloudFrontUrlSigner(/* config */);
const url = signer.getSignedUrl({
url: 'https://example.cloudfront.net/My File.pdf',
// ... other params
});
console.log(url); // Contains unencoded space
Environment
AWS SDK version: [post-PR #7237]
Node.js version: [v22]
Proposed Solution
Either revert the behavior to automatically URL-encode keys, or update the documentation to explicitly state that URL encoding is the caller's responsibility.
Regression Issue
SDK version number
@aws-sdk/cloudfront-signer@3.946.0
Which JavaScript Runtime is this issue in?
Node.js
Details of the browser/Node.js/ReactNative version
v22.15.0
Reproduction Steps
// Example code demonstrating the issue
const signer = new CloudFrontUrlSigner(/* config */);
const url = signer.getSignedUrl({
url: 'https://example.cloudfront.net/My File.pdf',
// ... other params
});
console.log(url); // Contains unencoded space
Observed Behavior
https://example.cloudfront.net/My File.pdf?...
Expected Behavior
https://example.cloudfront.net/My%20File.pdf?....
Possible Solution
Either revert the behavior to automatically URL-encode keys, or update the documentation to explicitly state that URL encoding is the caller's responsibility.
Additional Information/Context
No response
Checkboxes for prior research
Describe the bug
Summary
After PR #7237, the CloudFront URL signer has stopped URL-encoding spaces in S3 object keys, causing a breaking change in signed URL generation.
Background
Prior to PR #7237, when signing CloudFront URLs for S3 objects containing spaces in their keys (e.g., "My File.pdf"), the signer would automatically URL-encode the space as %20, producing a valid signed URL like
https://example.cloudfront.net/My%20File.pdf?....Current Behavior
After PR #7237, the CloudFront signer returns unencoded spaces in the URL (e.g.,
https://example.cloudfront.net/My File.pdf?...), which produces invalid URLs that fail in browsers and HTTP clients.Expected Behavior
The CloudFront signer should either:
Impact
This is a breaking change that affects:
Steps to ### Reproduce
Environment
AWS SDK version: [post-PR #7237]
Node.js version: [v22]
Proposed Solution
Either revert the behavior to automatically URL-encode keys, or update the documentation to explicitly state that URL encoding is the caller's responsibility.
Regression Issue
SDK version number
@aws-sdk/cloudfront-signer@3.946.0
Which JavaScript Runtime is this issue in?
Node.js
Details of the browser/Node.js/ReactNative version
v22.15.0
Reproduction Steps
Observed Behavior
https://example.cloudfront.net/My File.pdf?...Expected Behavior
https://example.cloudfront.net/My%20File.pdf?....Possible Solution
Either revert the behavior to automatically URL-encode keys, or update the documentation to explicitly state that URL encoding is the caller's responsibility.
Additional Information/Context
No response