Change the user-agent bool setting to exluced headers list

smithy-lang · May 12, 2022 · 8ff1d2b · 8ff1d2b
1 parent e926d6d
commit 8ff1d2b
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 7 deletions.
diff --git a/aws/rust-runtime/aws-sigv4/src/http_request/canonical_request.rs b/aws/rust-runtime/aws-sigv4/src/http_request/canonical_request.rs
@@ -10,7 +10,7 @@ use crate::http_request::sign::SignableRequest;
 use crate::http_request::url_escape::percent_encode_path;
 use crate::http_request::PercentEncodingMode;
 use crate::sign::sha256_hex_string;
-use http::header::{HeaderName, HOST, USER_AGENT};
+use http::header::{HeaderName, HOST};
 use http::{HeaderMap, HeaderValue, Method, Uri};
 use std::borrow::Cow;
 use std::cmp::Ordering;
@@ -218,9 +218,8 @@ impl<'a> CanonicalRequest<'a> {
 
         let mut signed_headers = Vec::with_capacity(canonical_headers.len());
         for (name, _) in &canonical_headers {
-            // The user agent header should not be signed because it may be altered by proxies
-            if name == USER_AGENT {
-                if !params.settings.allow_signing_user_agent_header {
+            if let Some(excluded_headers) = params.settings.excluded_headers.as_ref() {
+                if excluded_headers.contains(name) {
                     continue;
                 }
             }

diff --git a/aws/rust-runtime/aws-sigv4/src/http_request/settings.rs b/aws/rust-runtime/aws-sigv4/src/http_request/settings.rs
@@ -3,6 +3,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
+use http::header::{HeaderName, USER_AGENT};
 use std::time::Duration;
 
 /// HTTP signing parameters
@@ -26,8 +27,8 @@ pub struct SigningSettings {
     /// For presigned requests, how long the presigned request is valid for
     pub expires_in: Option<Duration>,
 
-    /// For signed requests, which already signed the user-agent header
-    pub allow_signing_user_agent_header: bool,
+    /// Headers that should be excluded from the signing process
+    pub excluded_headers: Option<Vec<HeaderName>>,
 }
 
 /// HTTP payload checksum type
@@ -62,12 +63,15 @@ pub enum PercentEncodingMode {
 
 impl Default for SigningSettings {
     fn default() -> Self {
+        // The user agent header should not be signed because it may be altered by proxies
+        const EXCLUDED_HEADERS: [HeaderName; 1] = [USER_AGENT];
+
         Self {
             percent_encoding_mode: PercentEncodingMode::Double,
             payload_checksum_kind: PayloadChecksumKind::NoHeader,
             signature_location: SignatureLocation::Headers,
             expires_in: None,
-            allow_signing_user_agent_header: false,
+            excluded_headers: Some(EXCLUDED_HEADERS.to_vec()),
         }
     }
 }