Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add whitelisting to headers for S3 presigning #2110

Merged
merged 1 commit into from
Aug 29, 2019
Merged

Add whitelisting to headers for S3 presigning #2110

merged 1 commit into from
Aug 29, 2019

Conversation

mullermp
Copy link
Contributor

@mullermp mullermp commented Aug 29, 2019
edited
Loading

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

closes #2098

mullermp
mullermp commented Aug 29, 2019
View reviewed changes
gems/aws-sdk-s3/lib/aws-sdk-s3/presigner.rb
'referer',
'te',
'user-agent'
].freeze
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i removed 'x-amzn-trace-id' because the signer will add it for you:

@unsigned_headers << 'x-amzn-trace-id'

mullermp
mullermp commented Aug 29, 2019
View reviewed changes
gems/aws-sigv4/lib/aws-sigv4/signer.rb Outdated
@@ -361,7 +361,6 @@ def sign_event(prior_signature, payload, encoder)
# `:body_digest` in place of passing `:body`.
#
# @option options [Time] :time (Time.now) Time of the signature.
# You should only set this value for testing.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this wasn't true anymore!

@mullermp mullermp force-pushed the whitelist-headers-s3-presign branch from b122e04 to 9fa7230 Compare August 29, 2019 20:11
cjyclaire
cjyclaire reviewed Aug 29, 2019
View reviewed changes
gems/aws-sdk-s3/spec/presigner_spec.rb Outdated
@@ -116,7 +109,22 @@ module S3
time: Time.utc(1969, 4, 20)
}
actual_url = pre.presigned_url(:get_object, params)
expect(actual_url).to eq(expected_url)
expect(actual_url).to include(date_time)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a side note, not required, I'd prefer a more clear &X-Amz-Date=19690420T000000Z match or &X-Amz-SignedHeaders=host&user-agent,

@mullermp mullermp force-pushed the whitelist-headers-s3-presign branch from 9fa7230 to 396840f Compare August 29, 2019 21:04
@mullermp mullermp merged commit aec0689 into master Aug 29, 2019
@mullermp mullermp deleted the whitelist-headers-s3-presign branch August 29, 2019 21:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cjyclaire cjyclaire cjyclaire approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Content-Length is excluded from signed header in presigned_url method
2 participants
@mullermp @cjyclaire