Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Header Blacklist #1026

Merged
merged 2 commits into from
Dec 11, 2015
Merged

Header Blacklist #1026

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
63490d3
Add a Blacklist of Some Headers From Signing
awood45 Nov 24, 2015
8b9d6f1
Add Spec Test for Blacklist Headers
awood45 Nov 24, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 25 additions & 2 deletions aws-sdk-core/lib/aws-sdk-core/signers/v4.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,27 @@ module Aws
module Signers
class V4

BLACKLIST_HEADERS = [
'cache-control',
'content-length',
'expect',
'max-forwards',
'pragma',
'range',
'te',
'if-match',
'if-none-match',
'if-modified-since',
'if-unmodified-since',
'if-range',
'accept',
'authorization',
'proxy-authorization',
'from',
'referer',
'user-agent'
]

def self.sign(context)
new(
context.config.credentials,
Expand Down Expand Up @@ -162,7 +183,9 @@ def normalized_querystring(querystring)
def signed_headers(request)
request.headers.keys.inject([]) do |signed_headers, header_key|
header_key = header_key.downcase
signed_headers << header_key unless header_key == 'authorization'
unless BLACKLIST_HEADERS.include?(header_key)
signed_headers << header_key
end
signed_headers
end.sort.join(';')
end
Expand All @@ -171,7 +194,7 @@ def canonical_headers(request)
headers = []
request.headers.each_pair do |k,v|
k = k.downcase
headers << [k,v] unless k == 'authorization'
headers << [k,v] unless BLACKLIST_HEADERS.include?(k)
end
headers = headers.sort_by(&:first)
headers.map{|k,v| "#{k}:#{canonical_header_value(v.to_s)}" }.join("\n")
Expand Down
12 changes: 11 additions & 1 deletion aws-sdk-core/spec/aws/signers/v4_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ module Signers
http_request.headers['Bar2'] = '"bar bar"'
http_request.body = StringIO.new('http-body')
http_request.headers['Content-Length'] = 9
expect(sign.headers['Authorization']).to eq('AWS4-HMAC-SHA256 Credential=akid/20120102/REGION/SERVICE/aws4_request, SignedHeaders=bar;bar2;content-length;foo;host;x-amz-content-sha256;x-amz-date, Signature=6b40912702f78866fcd13804e2bc2703bf5f73264ebe0fa54a28d16bcdddb88c')
expect(sign.headers['Authorization']).to eq('AWS4-HMAC-SHA256 Credential=akid/20120102/REGION/SERVICE/aws4_request, SignedHeaders=bar;bar2;foo;host;x-amz-content-sha256;x-amz-date, Signature=7066fb1a3fd7e436114d029b208143fdba353169990d430be4562a9c1d2749d5')
end

end
Expand All @@ -116,6 +116,16 @@ module Signers
expect(signer.signed_headers(http_request)).to eq('abc;mno;xyz')
end

it 'ignores certain headers such as user-agent and cache-control' do
http_request.headers = {}
http_request.headers['Xyz'] = '1'
http_request.headers['Abc'] = '2'
http_request.headers['Mno'] = '3'
http_request.headers['Cache-Control'] = '4'
http_request.headers['User-Agent'] = '5'
expect(signer.signed_headers(http_request)).to eq('abc;mno;xyz')
end

end

context '#canonical_headers' do
Expand Down