Expand skipped headers for sigv4 canonical request signing to include…

… x-amzn-trace-id and authorization headers.
smithy-lang · Jun 28, 2023 · 25e7b23 · 25e7b23
1 parent 8663237
commit 25e7b23
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 5 deletions.
diff --git a/CHANGELOG.next.toml b/CHANGELOG.next.toml
@@ -12,9 +12,9 @@
 # author = "rcoh"
 
  [[aws-sdk-rust]]
- message = "Automatically exclude x-ray trace id headers and authorization headers from Sigv4 canonical request calculations."
- references = ["smithy-rs#2813"]
- meta = { "breaking" = false, "tada" = false, "bug" = false }
+ message = "Automatically exclude X-Ray trace ID headers and authorization headers from SigV4 canonical request calculations."
+ references = ["smithy-rs#2815"]
+ meta = { "breaking" = false, "tada" = false, "bug" = true }
  author = "relevantsam"
 
  [[aws-sdk-rust]]

diff --git a/aws/rust-runtime/aws-sigv4/src/http_request/canonical_request.rs b/aws/rust-runtime/aws-sigv4/src/http_request/canonical_request.rs
@@ -774,6 +774,36 @@ mod tests {
         assert_eq!(creq.values.signed_headers().as_str(), "host;x-amz-date");
     }
 
+    // It should exclude authorization, user-agent, x-amzn-trace-id headers from presigning
+    #[test]
+    fn non_presigning_header_exclusion() {
+        let request = http::Request::builder()
+            .uri("https://some-endpoint.some-region.amazonaws.com")
+            .header("authorization", "test-authorization")
+            .header("content-type", "application/xml")
+            .header("content-length", "0")
+            .header("user-agent", "test-user-agent")
+            .header("x-amzn-trace-id", "test-trace-id")
+            .header("x-amz-user-agent", "test-user-agent")
+            .body("")
+            .unwrap();
+        let request = SignableRequest::from(&request);
+
+        let settings = SigningSettings {
+            signature_location: SignatureLocation::Headers,
+            ..Default::default()
+        };
+
+        let signing_params = signing_params(settings);
+        let canonical = CanonicalRequest::from(&request, &signing_params).unwrap();
+
+        let values = canonical.values.as_headers().unwrap();
+        assert_eq!(
+            "content-length;content-type;host;x-amz-date;x-amz-user-agent",
+            values.signed_headers.as_str()
+        );
+    }
+
     // It should exclude authorization, user-agent, x-amz-user-agent, x-amzn-trace-id headers from presigning
     #[test]
     fn presigning_header_exclusion() {

diff --git a/aws/rust-runtime/aws-sigv4/src/http_request/settings.rs b/aws/rust-runtime/aws-sigv4/src/http_request/settings.rs
@@ -9,7 +9,7 @@ use std::time::Duration;
 /// HTTP signing parameters
 pub type SigningParams<'a> = crate::SigningParams<'a, SigningSettings>;
 
-const X_RAY_TRACE_HEADER: &str = "x-amzn-trace-id";
+const X_RAY_TRACE_HEADER: HeaderName = HeaderName::from_static("x-amzn-trace-id");
 
 /// HTTP-specific signing settings
 #[derive(Debug, PartialEq)]
@@ -111,7 +111,7 @@ impl Default for SigningSettings {
             // Changes when sent by proxy
             USER_AGENT,
             // Changes based on the request from the client
-            HeaderName::from_static(X_RAY_TRACE_HEADER),
+            X_RAY_TRACE_HEADER,
         ]
         .to_vec();