Overriding S3 HTTP Headers (Ruby)

S3 Download URL

# Given an S3 URL, this returns a signed S3 url that will force the browser
# to download the file rather than opening it in the browser window. The key
# is to add response-content-disposition to the query string, which tells S3
# to send the content-disposition header you specify. S3 will respect this
# parameter only if the URL is signed. You can override other S3 headers such
# as content-type using this same method. See:
#
# http://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectGET.html
#
def s3_download_url(url)
  s3_key = URI(url).path
  filename = s3_key.split('/')[-1]
  disposition = "response-content-disposition=attachment;filename=#{filename}"
  expires = 60.minutes.from_now.utc.to_i
  query_string_char = url.include?('?') ? '&' : '?'
  string_to_sign = "GET\n\n\n#{expires}\n#{s3_key}#{query_string_char}#{disposition}"
  digest = OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('sha1'),
                                S3FileField.config.secret_access_key,
                                string_to_sign)
  signature = Base64.encode64(digest).gsub("\n", "").gsub('+', '%2B')
  "#{url}#{query_string_char}#{disposition}&AWSAccessKeyId=#{AWS.config.access_key_id}&Expires=#{expires}&Signature=#{signature}"
end

If you use the aws-sdk, you can do this:

client = Aws::S3::Client.new(credentials: Aws::Credentials.new(access_key, secret))
signer = Aws::S3::Presigner.new(client: client)
signer.presigned_url(:get_object, bucket: bucket, key: key, response_content_disposition: 'attachment')