Setting applyChecksum to false failes head/get_object requests by default

[jackyalbo]

Describe the issue

We were using s3DisableBodySigning = false in sdkv2. When replacing it with applyChecksum = false in v3, the get_object request fails due to signature issues, as it seems we must provide the "x-amz-content-sha256" header set to "UNSIGNED-PAYLOAD".
Can you please approve that the same semantics remain in v2 vs v3 - and that applyChecksum is the same as s3DisableBodySigning and didn't reversed it's meaning. Also, is it documented that due to this upgrade, the client now needs to be responsible for setting this header?

Links

https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/migrate-client-constructors.html

[aBurmeseDev]

Hi @jackyalbo - thanks for reaching out. This is due to changes in v3.729.0 where we introduced default integrity protections for S3. Instead of applyChecksum = false, use the new integrity config params:

const s3Client = new S3Client({
  region: 'us-east-1',
  responseChecksumValidation: 'WHEN_REQUIRED'
});

This should resolve the signature issues without requiring manual x-amz-content-sha256 headers.

See the data integrity documentation for more details. Let me know if you have any other questions!

[jackyalbo]

Hi @aBurmeseDev, if we used to have s3disableBodySigning set to true before migrating to sdkv3 to improve performance, should we replace it now with both requestChecksumCalculation and responseChecksumValidation set to WHEN_REQUIRED?