TimeoutError instead of 403 "Forbidden" in case of not corresponding content length

[PrzemyslawSagalo]

Describe the bug

I use aiohttp to upload a file to an AWS S3 bucket using a pre-signed URL.

The header of the PUT request has a Content-Length parameter. If the length specified in the header differs from the actual length of the data being sent, it will cause a TimeoutError instead of returning a 403 "Forbidden" SignatureDoesNotMatch

In my case, these values can be different because the value in the headers is taken from metadata calculated in a different system. Sending it in the headers is necessary to perform validation.

To Reproduce

with open(file_path, "rb") as f:
    async with aiohttp.ClientSession(raise_for_status=False) as async_session:
        data = f.read()
        headers = {
            "Content-MD5": md5_value,
            "Content-Length": str(size_value),
            "Content-Type": "application/octet-stream",
        }
        resp = await async_session.request(method='PUT', url=url_s3_presigned, headers=headers, data=data)

Expected behavior

Return response with 403 "Forbidden" instead of raising TimeoutError

Logs/tracebacks

NA

Python Version

Python 3.11.6

aiohttp Version

Name: aiohttp
Version: 3.9.5
Summary: Async http client/server framework (asyncio)
Home-page: https://github.com/aio-libs/aiohttp
Author:
Author-email:
License: Apache 2
Location: /home/ubuntu/src/venv/lib/python3.11/site-packages
Requires: aiosignal, attrs, frozenlist, multidict, yarl
Required-by:

multidict Version

Name: multidict
Version: 6.0.5
Summary: multidict implementation
Home-page: https://github.com/aio-libs/multidict
Author: Andrew Svetlov
Author-email: andrew.svetlov@gmail.com
License: Apache 2
Location: /home/ubuntu/src/venv/lib/python3.11/site-packages
Requires:
Required-by: aiohttp, yarl

yarl Version

Name: yarl
Version: 1.9.4
Summary: Yet another URL library
Home-page: https://github.com/aio-libs/yarl
Author: Andrew Svetlov
Author-email: andrew.svetlov@gmail.com
License: Apache-2.0
Location: /home/ubuntu/src/venv/lib/python3.11/site-packages
Requires: idna, multidict
Required-by: aiohttp

OS

Distributor ID: Ubuntu
Description: Ubuntu 20.04.6 LTS
Release: 20.04
Codename: focal

Related component

Client

Additional context

No response

Code of Conduct

• I agree to follow the aio-libs Code of Conduct

[Dreamsorcerer]

This is on making a request. Why do you think it's an issue with aiohttp? As far as I can see from your example, the server is not responding. If that's really the expected format of a request (which seems weird to me), then surely the issue is with the server.

But, I'd expect any HTTP server to respond that way, i.e. if the Content-Length is longer than the data you sent, then it should continue waiting for the rest of the data. How would the server know when the data has finished being sent otherwise?

[PrzemyslawSagalo]

This is on making a request. Why do you think it's an issue with aiohttp? As far as I can see from your example, the server is not responding. If that's really the expected format of a request (which seems weird to me), then surely the issue is with the server.

But, I'd expect any HTTP server to respond that way, i.e. if the Content-Length is longer than the data you sent, then it should continue waiting for the rest of the data. How would the server know when the data has finished being sent otherwise?

When I am making exactly the same request, using requests or httpx, it just returns 403, which I described earlier.

[Dreamsorcerer]

What's the URL? The most common difference from those libraries is that URLs get encoded, so if you have query params they should be passed with the params parameter, or using an encoded URL: https://docs.aiohttp.org/en/stable/client_quickstart.html#passing-parameters-in-urls

That might explain the different response, if you are actually requesting a different path.