From e84f1f18519ae4374092599c369b3fc5d2f4cd90 Mon Sep 17 00:00:00 2001
From: kqjy <jun@jzwsite.com>
Date: Sat, 21 Mar 2026 23:48:19 +0800
Subject: [PATCH] Fix SigV4 SignatureDoesNotMatch when Expect header is
 stripped by WSGI server

---
 app/s3_api.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/app/s3_api.py b/app/s3_api.py
index 6a77017..2c151ee 100644
--- a/app/s3_api.py
+++ b/app/s3_api.py
@@ -301,7 +301,12 @@ def _verify_sigv4_header(req: Any, auth_header: str) -> Principal | None:
 
     if _HAS_RUST:
         query_params = list(req.args.items(multi=True))
-        header_values = [(h, req.headers.get(h) or "") for h in signed_headers_str.split(";")]
+        header_values = []
+        for h in signed_headers_str.split(";"):
+            val = req.headers.get(h) or ""
+            if h.lower() == "expect" and val == "":
+                val = "100-continue"
+            header_values.append((h, val))
         if not _rc.verify_sigv4_signature(
             req.method, canonical_uri, query_params, signed_headers_str,
             header_values, payload_hash, amz_date, date_stamp, region,
@@ -390,7 +395,12 @@ def _verify_sigv4_query(req: Any) -> Principal | None:
 
     if _HAS_RUST:
         query_params = [(k, v) for k, v in req.args.items(multi=True) if k != "X-Amz-Signature"]
-        header_values = [(h, req.headers.get(h) or "") for h in signed_headers_str.split(";")]
+        header_values = []
+        for h in signed_headers_str.split(";"):
+            val = req.headers.get(h) or ""
+            if h.lower() == "expect" and val == "":
+                val = "100-continue"
+            header_values.append((h, val))
         if not _rc.verify_sigv4_signature(
             req.method, canonical_uri, query_params, signed_headers_str,
             header_values, "UNSIGNED-PAYLOAD", amz_date, date_stamp, region,