response-content-disposition with 'filename' in UTF-8 encoding causing 'Access Denied' error

[drone1]

I doubt this is an aws-cloudfront-sign issue, so apologizes for posting here, but I'm a bit desperate.

I'm using v2.2.0 (latest as of today).

I've followed the spec to a T but can't seem to get this working. It works fine if I use plain ol':

		'response-content-disposition': `${contentDisposition}; filename="${encodeURIComponent(filename)}"`

in the code sample below.

But if I try to use this filename*=UTF-8''... jazz, I get Access Denied from Cloudfront.

Any thoughts? Here is my code, simplified:

function getDownloadUrl({cloudFrontFileUrl, contentDisposition, ...}) {
	const urlWithS3QueryParams = URL.parse(cloudFrontFileUrl);  // Parse URL

	urlWithS3QueryParams.query = { // Modify query params
		'response-content-disposition': `${contentDisposition}; filename*=UTF-8''${encodeURIComponent(filename)}`,
		...(cacheBreakerVersion !== null ? { 'version': cacheBreakerVersion } : {}),
	};

	// Add in any request for a specific Content-Type header back from S3.
	if (contentType) {
		 urlWithS3QueryParams['response-content-type'] = contentType;
	}

	return cfsign.getSignedUrl(
		 urlWithS3QueryParams.format(), { // Use our new URL with query params
			 keypairId: ...,
			 privateKeyString: ...,
			 expireTime: Date.now() + expirationHours * 1000 * 60 * 60,
		 }
}

Any help would be greatly appreciated. Thank you kindly.

[p3v9d5ui]

Hi @drone1 . I think this is an issue with this package. I'm also facing the same issue. If I either downgrade to version 2.2.1 or remove response-content-disposition from the URL, then it works fine.

@jasonsims , Could it be that this is the same issue which was previously fixed? #10