Add excluded headers list in the setting option. for verification … #1381
Conversation
|
edit: I see now—you are on the verification side |
|
I think this is a useful thing to support but I think we may need a different approach—I suspect we'll want to either accept an explicit list of headers to sign or a function. I think the |
|
I agree with you, high chance that it would be more useful to change it to some kind of vector of HeaderNames which should not be part of the signing. something like this: The default can be: Some([User-Agent]) I can modify the PR to implement this. |
|
That sounds reasonable to me. |
alonlud
changed the title
|
I have updated the PR. |
This commit adds a test for the functionality added in #1381. Technically, there was an existing test `presigning_header_exclusion` that exercised the said functionality but it only covered the behavior partially, i.e. only the case for a default constructed `SigningSettings` where its field `excluded_headers` just contained `user-agent`. The new test will randomly add headers to `excluded_headers` and verify the functionality works as expected.
This commit adds a test for the functionality added in #1381. Technically, there was an existing test `presigning_header_exclusion` that exercised the said functionality but it only covered the behavior partially, i.e. only a case where the `excluded_headers` field in `SigningSettings` contained just `user-agent`. The new test will randomly add headers to `excluded_headers` and verify the functionality works as expected.
* Add test for excluded headers list This commit adds a test for the functionality added in #1381. Technically, there was an existing test `presigning_header_exclusion` that exercised the said functionality but it only covered the behavior partially, i.e. only a case where the `excluded_headers` field in `SigningSettings` contained just `user-agent`. The new test will randomly add headers to `excluded_headers` and verify the functionality works as expected. * Update CHANGELOG.next.toml * Update CHANGELOG.next.toml Co-authored-by: John DiSanti <[email protected]> Co-authored-by: Saito <[email protected]> Co-authored-by: John DiSanti <[email protected]>
…signed request
Motivation and Context
I would like to verify an HTTP request which already been signed with the sigv4, Authorization header.
The header contains:
"SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;amz-sdk-retry;content-length;content-type;host;user-agent;x-amz-date;x-amz-target, ..."
To correctly sign the request and verify the signature, I will also need to sign the User-Agent header.
Description
Add bool flag in the setting option allow_signing_user_agent_header.
The flag is by default false. But can be set to the true outside of the sigv4 crate.
This allows verifying a signed request correctly as the sigv4 is able now to sign also the User-Agent header.