-
Notifications
You must be signed in to change notification settings - Fork 196
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add excluded headers list in the setting option. for verification … #1381
Conversation
edit: I see now—you are on the verification side |
I think this is a useful thing to support but I think we may need a different approach—I suspect we'll want to either accept an explicit list of headers to sign or a function. I think the |
I agree with you, high chance that it would be more useful to change it to some kind of vector of HeaderNames which should not be part of the signing. something like this:
The default can be: Some([User-Agent]) I can modify the PR to implement this. |
That sounds reasonable to me. |
I have updated the PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Thank you for the contribution!
This commit adds a test for the functionality added in #1381. Technically, there was an existing test `presigning_header_exclusion` that exercised the said functionality but it only covered the behavior partially, i.e. only the case for a default constructed `SigningSettings` where its field `excluded_headers` just contained `user-agent`. The new test will randomly add headers to `excluded_headers` and verify the functionality works as expected.
This commit adds a test for the functionality added in #1381. Technically, there was an existing test `presigning_header_exclusion` that exercised the said functionality but it only covered the behavior partially, i.e. only a case where the `excluded_headers` field in `SigningSettings` contained just `user-agent`. The new test will randomly add headers to `excluded_headers` and verify the functionality works as expected.
* Add test for excluded headers list This commit adds a test for the functionality added in #1381. Technically, there was an existing test `presigning_header_exclusion` that exercised the said functionality but it only covered the behavior partially, i.e. only a case where the `excluded_headers` field in `SigningSettings` contained just `user-agent`. The new test will randomly add headers to `excluded_headers` and verify the functionality works as expected. * Update CHANGELOG.next.toml * Update CHANGELOG.next.toml Co-authored-by: John DiSanti <[email protected]> Co-authored-by: Saito <[email protected]> Co-authored-by: John DiSanti <[email protected]>
…signed request
Motivation and Context
I would like to verify an HTTP request which already been signed with the sigv4, Authorization header.
The header contains:
"SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;amz-sdk-retry;content-length;content-type;host;user-agent;x-amz-date;x-amz-target, ..."
To correctly sign the request and verify the signature, I will also need to sign the User-Agent header.
Description
Add bool flag in the setting option allow_signing_user_agent_header.
The flag is by default false. But can be set to the true outside of the sigv4 crate.
This allows verifying a signed request correctly as the sigv4 is able now to sign also the User-Agent header.