From 4c7ed2b44d6fbf1ebdd401dd3a81c14d288cffb2 Mon Sep 17 00:00:00 2001
From: Mohamed Dardouri <med@dardouri.com>
Date: Wed, 6 May 2026 17:29:10 +0100
Subject: [PATCH] fix: exclude content-length and content-type from
 GetObjectRange signed headers

GetObject correctly skips content-length and content-type headers in
the header generation match, but GetObjectRange falls through to the
wildcard arm which includes them. This causes SignatureDoesNotMatch
errors with Cloudflare R2 and other S3-compatible backends that
reject signed content-length/content-type on range requests.

Add GetObjectRange to the same match arm as GetObject so both commands
produce consistent unsigned headers.
---
 s3/src/request/request_trait.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/s3/src/request/request_trait.rs b/s3/src/request/request_trait.rs
index 9493504236..7f341c2698 100644
--- a/s3/src/request/request_trait.rs
+++ b/s3/src/request/request_trait.rs
@@ -738,6 +738,7 @@ pub trait Request {
             Command::ListObjectsV2 { .. } => {}
             Command::HeadObject => {}
             Command::GetObject => {}
+            Command::GetObjectRange { .. } => {}
             Command::GetObjectTagging => {}
             Command::GetBucketLocation => {}
             Command::ListBuckets => {}