CHANGELOG.next.toml +7 −1 @@ -10,3 +10,9 @@ # references = ["smithy-rs#920"] # meta = { "breaking" = false, "tada" = false, "bug" = false } # author = "rcoh" [[smithy-rs]] message = "Add ability to sign a request with all headers, or to change which headers are excluded from signing" references = ["smithy-rs#1381"] meta = { "breaking" = false, "tada" = true, "bug" = false } author = "alonlud" aws/rust-runtime/aws-sigv4/src/http_request/canonical_request.rs +6 −4 @@ -10,7 +10,7 @@ use crate::http_request::sign::SignableRequest; use crate::http_request::url_escape::percent_encode_path; use crate::http_request::PercentEncodingMode; use crate::sign::sha256_hex_string; use http::header::{HeaderName, HOST, USER_AGENT}; use http::header::{HeaderName, HOST}; use http::{HeaderMap, HeaderValue, Method, Uri}; use std::borrow::Cow; use std::cmp::Ordering; @@ -218,10 +218,12 @@ impl<'a> CanonicalRequest<'a> { let mut signed_headers = Vec::with_capacity(canonical_headers.len()); for (name, _) in &canonical_headers { // The user agent header should not be signed because it may be altered by proxies if name == USER_AGENT { if let Some(excluded_headers) = params.settings.excluded_headers.as_ref() { if excluded_headers.contains(name) { continue; } } if params.settings.signature_location == SignatureLocation::QueryParams { // The X-Amz-User-Agent header should not be signed if this is for a presigned URL if name == HeaderName::from_static(header::X_AMZ_USER_AGENT) { aws/rust-runtime/aws-sigv4/src/http_request/settings.rs +8 −0 @@ -3,6 +3,7 @@ * SPDX-License-Identifier: Apache-2.0 */ use http::header::{HeaderName, USER_AGENT}; use std::time::Duration; /// HTTP signing parameters
@@ -25,6 +26,9 @@ pub struct SigningSettings { /// For presigned requests, how long the presigned request is valid for pub expires_in: Option<Duration>, /// Headers that should be excluded from the signing process pub excluded_headers: Option<Vec<HeaderName>>, } /// HTTP payload checksum type @@ -59,11 +63,15 @@ pub enum PercentEncodingMode { impl Default for SigningSettings { fn default() -> Self { // The user agent header should not be signed because it may be altered by proxies const EXCLUDED_HEADERS: [HeaderName; 1] = [USER_AGENT]; Self { percent_encoding_mode: PercentEncodingMode::Double, payload_checksum_kind: PayloadChecksumKind::NoHeader, signature_location: SignatureLocation::Headers, expires_in: None, excluded_headers: Some(EXCLUDED_HEADERS.to_vec()), } } }
CHANGELOG.next.toml +7 −1 @@ -10,3 +10,9 @@ # references = ["smithy-rs#920"] # meta = { "breaking" = false, "tada" = false, "bug" = false } # author = "rcoh" [[smithy-rs]] message = "Add ability to sign a request with all headers, or to change which headers are excluded from signing" references = ["smithy-rs#1381"] meta = { "breaking" = false, "tada" = true, "bug" = false } author = "alonlud"
aws/rust-runtime/aws-sigv4/src/http_request/canonical_request.rs +6 −4 @@ -10,7 +10,7 @@ use crate::http_request::sign::SignableRequest; use crate::http_request::url_escape::percent_encode_path; use crate::http_request::PercentEncodingMode; use crate::sign::sha256_hex_string; use http::header::{HeaderName, HOST, USER_AGENT}; use http::header::{HeaderName, HOST}; use http::{HeaderMap, HeaderValue, Method, Uri}; use std::borrow::Cow; use std::cmp::Ordering; @@ -218,10 +218,12 @@ impl<'a> CanonicalRequest<'a> { let mut signed_headers = Vec::with_capacity(canonical_headers.len()); for (name, _) in &canonical_headers { // The user agent header should not be signed because it may be altered by proxies if name == USER_AGENT { if let Some(excluded_headers) = params.settings.excluded_headers.as_ref() { if excluded_headers.contains(name) { continue; } } if params.settings.signature_location == SignatureLocation::QueryParams { // The X-Amz-User-Agent header should not be signed if this is for a presigned URL if name == HeaderName::from_static(header::X_AMZ_USER_AGENT) {
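Review bot: In the second hunk, the `excluded_headers.contains(name)` check skips any header the caller lists, including ones SigV4 depends on such as `host` (and presumably `x-amz-date` or `x-amz-security-token`). A header left out of `signed_headers` is not covered by the signature, so it can be altered in transit without the signature failing, and a request whose `host` is unsigned would likely be rejected by the service. No guard is visible in this hunk; if none exists elsewhere, consider `if name != HOST && excluded_headers.contains(name) {` or rejecting such a list when the settings are built. The loop body continues outside the hunk.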
aws/rust-runtime/aws-sigv4/src/http_request/settings.rs +8 −0 @@ -3,6 +3,7 @@ * SPDX-License-Identifier: Apache-2.0 */ use http::header::{HeaderName, USER_AGENT}; use std::time::Duration; /// HTTP signing parameters @@ -25,6 +26,9 @@ pub struct SigningSettings { /// For presigned requests, how long the presigned request is valid for pub expires_in: Option<Duration>, /// Headers that should be excluded from the signing process pub excluded_headers: Option<Vec<HeaderName>>, } /// HTTP payload checksum type @@ -59,11 +63,15 @@ pub enum PercentEncodingMode { impl Default for SigningSettings { fn default() -> Self { // The user agent header should not be signed because it may be altered by proxies const EXCLUDED_HEADERS: [HeaderName; 1] = [USER_AGENT]; Self { percent_encoding_mode: PercentEncodingMode::Double, payload_checksum_kind: PayloadChecksumKind::NoHeader, signature_location: SignatureLocation::Headers, expires_in: None, excluded_headers: Some(EXCLUDED_HEADERS.to_vec()), } } }
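Review bot: The doc comment on `excluded_headers` in the second hunk does not say what `None` means, and the signing loop in canonical_request.rs skips nothing for either `None` or an empty list, so the `Option` gives two spellings of "sign everything". It also does not say that setting the field replaces the default list, so a caller who supplies their own `Some(...)` starts signing `user-agent` again unless they re-add it. I would expand the comment to something like `/// Headers to leave out of the signature. None signs every header; the default excludes only user-agent. Excluded headers are not integrity-protected.` The struct's attributes sit above the hunk, so whether adding a public field is source-compatible for callers (for example via `#[non_exhaustive]`) cannot be confirmed from here.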