I don't necessarily think this even breaks the HTTP standard. While '+' should not be interpreted as a space in a URL <i>while it's being treated as a URL</i>, the HTTP spec doesn't specify or care what file that URL may map to on a server.<p>Edit: As mentioned below, this isn't correct: a URL should return the same resource whether or not its characters are percent-escaped, and on S3 an escaped + (%2B) behaves differently from an unescaped +.
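To make the distinction concrete, here's a small Python sketch (nothing S3-specific; "a+b" is just a hypothetical object key). A strict RFC 3986 decoder leaves a bare + alone, while form-style decoding, which is what S3 effectively applies, turns it into a space, so only the percent-escaped form is unambiguous:

```python
from urllib.parse import quote, unquote, unquote_plus

key = "a+b"  # hypothetical object key containing a literal plus

# Percent-encoding the plus is unambiguous: %2B always decodes to '+'.
escaped = quote(key, safe="")
print(escaped)               # 'a%2Bb'

# Strict URL decoding leaves a bare '+' alone...
print(unquote("a+b"))        # 'a+b'
# ...but form-style decoding maps it to a space.
print(unquote_plus("a+b"))   # 'a b'
# The escaped form decodes to a plus either way.
print(unquote("a%2Bb"))      # 'a+b'
```

So a client that requests the key with a literal + and one that requests it with %2B can end up at different objects, which is the surprise being discussed here.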
Amazon has a difficult time with the HTTP standard sometimes. The last time I had to touch an AWS project, we discovered a bug[1] in the C++ code backing a Java library (sic).<p>They had implemented their own HTTP client but forgot to add the "Host" header to requests, which is required by HTTP/1.1.<p>Interestingly, this client sent requests only to their own services, which means they either released it without testing it or the backend once accepted malformed requests.<p>[1]: <a href="https://github.com/awslabs/amazon-kinesis-producer/issues/61" rel="nofollow">https://github.com/awslabs/amazon-kinesis-producer/issues/61</a>
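For anyone unfamiliar with that requirement: RFC 7230 makes Host the one mandatory request header in HTTP/1.1, and a compliant server must answer a request without it with a 400. A minimal sketch of a well-formed request (the hostname is a placeholder):

```python
def build_request(method: str, host: str, path: str) -> bytes:
    """Build a minimal raw HTTP/1.1 request as bytes."""
    lines = [
        f"{method} {path} HTTP/1.1",
        f"Host: {host}",      # mandatory in HTTP/1.1; omitting it means a 400 from compliant servers
        "Connection: close",
        "",                   # blank line terminates the header block
        "",
    ]
    return "\r\n".join(lines).encode("ascii")

req = build_request("GET", "example.com", "/")
print(req)
```

That's the header their hand-rolled client was missing.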
Anyone who's dealt with S3 in any capacity should be aware of this; it's literally one of the first encoding problems that comes up when signing requests.<p>@dang can you please add (2010) to the title?
Funnily enough, "URLs and plus signs" is still my most upvoted question on Stack Overflow ( <a href="https://stackoverflow.com/questions/1005676/urls-and-plus-signs" rel="nofollow">https://stackoverflow.com/questions/1005676/urls-and-plus-si...</a> ) -- same a+b example, too. Seven years later, it seems even the big names have trouble with this.
This burned me: because of it, I can't host a particular static site on S3, because its URLs contain plus signs. I can't change the files being uploaded, since another system generates them. I tried to rig up an Akamai rewrite rule to fix it at the CDN level but couldn't get it to work.
(Update - the original title mentioned AWS has been breaking standards since 2010. The new title is fine. Thanks for updating it.)<p>A little bit of hyperbole in the title, imo. S3 has generally been very good at embracing the fundamental principles of HTTP and REST, corner cases like this aside.
tl;dr: A legacy behavior is to treat + as a space, and when you've been around a while, you need to keep backwards compatibility.<p>URLs and URIs have standards separate from HTTP, and those have changed over time (been replaced by newer ones).<p>Many years ago it was common to encode a space as a + sign. For example, the PHP function urlencode[1] still encodes spaces as + signs. If you're a PHP user, don't use this function unless you know you need it; there are better functions now.<p>[1] <a href="http://php.net/manual/en/function.urlencode.php" rel="nofollow">http://php.net/manual/en/function.urlencode.php</a>
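The same split exists in most languages' standard libraries. In Python, for instance, quote_plus does legacy form-style encoding (space becomes +, like PHP's urlencode), while quote does RFC 3986 percent-encoding (space becomes %20, like PHP's rawurlencode), which is the one you want for URL paths:

```python
from urllib.parse import quote, quote_plus

# Legacy application/x-www-form-urlencoded style: space -> '+'
print(quote_plus("a b"))  # 'a+b'

# RFC 3986 percent-encoding: space -> '%20', '+' left meaningful
print(quote("a b"))       # 'a%20b'
```

The + convention only ever belonged in form-encoded query data, which is exactly why it causes grief when it leaks into paths.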
Should this really be considered a spec violation? It's a restriction, sure, but S3 should be considered a specific application with specific constraints.
In response to the reported RFC violation, elving@AWS writes: "I agree that's unconventional and unfortunate." My corporate bullshit detector is off the scale.<p>In earlier times, we would have both the ability and the balls to treat that unwillingness to uphold the rules we all set out with as damage to the Internet, and route around it. But sadly, AWS has become too big to fail, so the engineers introduce special cases into their products and deploy them.