AkamaiSecureUrlBuilder creates not working urls for files
sim1234 opened this issue · 5 comments
Describe the bug
AkamaiSecureUrlBuilder claims to follow secure delivery guidelines described in https://uploadcare.com/docs/security/secure-delivery/ but the urls generated by it don't work (HTTP 403).
Reference implementation uses Akamai EdgeAuth that differs a bit from what is implemented in this project:
- Akamai implementation uses sha256 hash function while pyuploadcare uses sha1 by default. This isn't an issue since it can be overwritten.
- Akamai doesn't use `acl` in hashed values, nor in the token itself.
Code / screenshots
`Uploadcare(..., secure_url_builder=AkamaiSecureUrlBuilder(...)).generate_secure_url("<uuid>")`
results in `https://mydomain.com/<uuid>/?token=exp=...~acl=/<uuid>/~hmac=...`
while
`EdgeAuth(...).generate_url_token("<uuid>")`
results in `exp=.../~hmac=...`
Environment
- Library version: 3.1.0
- Language/framework version: Python 3.8
- OS version: macOS 13.0.1
Hi!
This is a known issue that is addressed in #220.
It'll be a part of version 4.0.
I'll try to introduce it to 3.2 as well.
@sim1234 please check the newest version
@dmitry-mukhin I don't think the `acl` issue was addressed there.
Adding ACL is optional. We've decided to use it.
Feel free to send a PR that makes this optional in pyuploadcare as well!
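The two token shapes compared in this thread, as an added example that is not part of the original issue and is neither pyuploadcare's nor Akamai's code. It assumes an EdgeAuth-style layout (fields joined by `~`, HMAC over the joined fields with a hex-decoded key, a `url=` field that is signed but not emitted, glob-style `acl` matching); the key, path and function names are constructed for illustration.

```python
import binascii
import fnmatch
import hashlib
import hmac

DELIM = "~"  # field delimiter seen in the tokens quoted in the issue


def _mac(key_hex, fields, algo):
    key = binascii.unhexlify(key_hex)
    return hmac.new(key, DELIM.join(fields).encode(), getattr(hashlib, algo)).hexdigest()


def acl_token(key_hex, exp, acl, algo="sha256"):
    """exp~acl~hmac shape: acl is emitted in the token and signed."""
    fields = [f"exp={exp}", f"acl={acl}"]
    return DELIM.join(fields + ["hmac=" + _mac(key_hex, fields, algo)])


def url_token(key_hex, exp, url, algo="sha256"):
    """exp~hmac shape: url is signed but not emitted (assumed layout)."""
    fields = [f"exp={exp}"]
    return DELIM.join(fields + ["hmac=" + _mac(key_hex, fields + [f"url={url}"], algo)])


def verify(token, key_hex, path, now, algo="sha256"):
    """Verifier sketch: rebuild the signed string from the token's own fields."""
    *fields, last = token.split(DELIM)
    if not last.startswith("hmac="):
        return False
    try:
        parsed = dict(f.split("=", 1) for f in fields)
        if int(parsed["exp"]) <= now:
            return False  # expired
    except (KeyError, ValueError):
        return False  # malformed field or missing expiry
    if "acl" in parsed:
        if not fnmatch.fnmatchcase(path, parsed["acl"]):
            return False  # token does not cover this path
        signed = fields
    else:
        signed = fields + [f"url={path}"]
    return hmac.compare_digest(_mac(key_hex, signed, algo), last[len("hmac="):])


KEY = "00112233445566778899aabbccddeeff"  # constructed sample key (hex)
PATH = "/11111111-2222-3333-4444-555555555555/"  # constructed sample uuid path
```

Both shapes verify only when signer and verifier agree on the hash function and on exactly which fields go into the signed string; a mismatch in either produces a different MAC and the request is rejected.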