else
secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base]
+ # Must preserve `%2F` for compatibility with S3 (https://git.pleroma.social/pleroma/pleroma/issues/580)
+ replacement = get_replacement(url, ":2F:")
+
# The URL is url-decoded and encoded again to ensure it is correctly encoded and not twice.
base64 =
url
+ |> String.replace("%2F", replacement)
|> URI.decode()
|> URI.encode()
+ |> String.replace(replacement, "%2F")
|> Base.url_encode64(@base64_opts)
sig = :crypto.hmac(:sha, secret, base64)
|> Enum.filter(fn value -> value end)
|> Path.join()
end
+
+ defp get_replacement(url, replacement) do
+ if String.contains?(url, replacement) do
+ get_replacement(url, replacement <> replacement)
+ else
+ replacement
+ end
+ end
end