diff --git a/src/aws/auth.coffee b/src/aws/auth.coffee
index 6d70ace..40437d9 100644
--- a/src/aws/auth.coffee
+++ b/src/aws/auth.coffee
@@ -77,7 +77,8 @@ class AwsAuth
       @headerMap['x-amz-content-sha256']
 
   canonicalURI: ->
-    encodeURI @url.pathname
+    # new URL already handles URI encoding for the pathname. No need to repeat here.
+    @url.pathname
 
   canonicalQueryString: ->
     return "" if not @qsMap
diff --git a/src/index.coffee b/src/index.coffee
index 3a53f97..b5d6200 100644
--- a/src/index.coffee
+++ b/src/index.coffee
@@ -113,7 +113,7 @@ handleGET = (req, file) ->
   # Add content-disposition header to indicate file name
   inline = util.shouldShowInline headers['content-type']
   headers['content-disposition'] =
-    (if inline then 'inline;' else 'attachment;') + ' filename=' + fileName
+    (if inline then 'inline;' else 'attachment;') + ' filename*=' + encodeURIComponent fileName
 
   # Handle ranged resposes
   if resp.headers.has 'content-range'