Issue
After upgrading Studio Pro to version 10.24.14 or newer, the AWS storage SDK was also updated to version 2. When using Mendix On-Premises with the third-party S3 bucket NetApp, the communication with the bucket fails with the following error:
software.amazon.awssdk.services.s3.model.S3Exception: x-amz-content-sha256 must be UNSIGNED-PAYLOAD, STREAMING-AWS4-HMAC-SHA256-PAYLOAD or a valid sha256 value. (Service: S3, Status Code: 400)Environment
- Applications hosted in On-Premises
- Studio Pro v10.24.14 or newer
Cause
The x-amz-content-sha256 header is missing from the requests. This header is required for all AWS Signature Version 4 requests and provides a hash of the request payload. The S3 storage API version 2 in Mendix uses AWS SDK v4 signatures, which is required with the third-party S3 bucket NetApp storage provider.
Solution/Workaround
To resolve this issue, configure the AWS SDK checksum calculation and validation settings by setting the following environment variables on the server hosting your Mendix application:
export AWS_REQUEST_CHECKSUM_CALCULATION=WHEN_REQUIREDexport AWS_RESPONSE_CHECKSUM_VALIDATION=WHEN_REQUIRED
These environment variables ensure that the x-amz-content-sha256 header is properly set with the required checksum values. When there is no payload, the hash of an empty string will be provided.
Alternative workaround: Create a custom storage provider based on com.mendix.storage.s3 that implements these checksum settings programmatically.
Notes: Currently, there is no runtime setting available to enable these headers directly within Mendix. Setting environment variables is the recommended approach for configuring the AWS SDK behavior.
The NetApp solution is not supported by Mendix; the proposed solution and workaround are not supported as well, and Mendix cannot help with their implementation.
Internal information related
- 276120
- C3T260XGA/p1776160516355549
Additional information
Mendix documentation: Storage Services for Containers
0 Comments