ianbotsf

Issue #

(none)

Description of changes

This change adds headers defined by RFC 2616 § 13.5.1 as "hop-by-hop" headers to the ignore list for signing. This prevents signatures from becoming invalid if intervening proxies/caches alter the headers.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
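
An added example, not code from this pull request or from the SDK: a simplified SigV4-style HMAC signer showing why the RFC 2616 § 13.5.1 hop-by-hop headers are left out of the signed set. The function names, key, `X-Date` header and proxy behaviour are constructed for illustration.

```python
import hashlib
import hmac

# Hop-by-hop headers listed in RFC 2616 section 13.5.1 (lowercased).
HOP_BY_HOP = frozenset({
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailers", "transfer-encoding", "upgrade",
})


def canonical_headers(headers, ignored):
    """Return (canonical block, signed-header list) in a SigV4-like layout."""
    kept = {}
    for name, value in headers.items():
        key = name.strip().lower()
        if key not in ignored:
            kept[key] = " ".join(value.split())  # trim and collapse whitespace
    names = sorted(kept)
    block = "".join(f"{n}:{kept[n]}\n" for n in names)
    return block, ";".join(names)


def sign(key, method, path, headers, ignored=HOP_BY_HOP):
    """HMAC-SHA256 over method, path and the headers that are not ignored."""
    block, signed = canonical_headers(headers, ignored)
    to_sign = "\n".join([method, path, block, signed]).encode()
    return signed, hmac.new(key, to_sign, hashlib.sha256).hexdigest()


def verify(key, method, path, received, signed, signature):
    """Server side: recompute over exactly the headers named in `signed`."""
    wanted = set(signed.split(";"))
    lower = {n.strip().lower(): v for n, v in received.items()}
    subset = {n: lower.get(n, "") for n in wanted}
    _, expected = sign(key, method, path, subset, ignored=frozenset())
    return hmac.compare_digest(expected, signature)


def through_proxy(headers):
    """Constructed intermediary: rewrites Connection, drops Keep-Alive."""
    out = {k: v for k, v in headers.items() if k.lower() != "keep-alive"}
    out["Connection"] = "close"
    return out


# Constructed sample request and key, for illustration only.
KEY = b"constructed-demo-key"
SENT = {"Host": "example.com", "X-Date": "20250128T181400Z",
        "Connection": "keep-alive", "Keep-Alive": "timeout=5"}
```

With the ignore list applied, only `host;x-date` is signed, so the proxy's rewrite of `Connection` and `Keep-Alive` does not affect verification, while a change to an end-to-end header such as `Host` still does.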

@ianbotsf ianbotsf requested a review from a team as a code owner January 28, 2025 18:14
Affected Artifacts

Changed in size
| Artifact | Pull Request (bytes) | Latest Release (bytes) | Delta (bytes) | Delta (percentage) |
| --- | --- | --- | --- | --- |
| http-client-engine-okhttp4-jvm.jar | 14,418 | 14,324 | 94 | 0.66% |
| aws-signing-default-jvm.jar | 51,946 | 51,806 | 140 | 0.27% |
| runtime-core-jvm.jar | 818,814 | 818,677 | 137 | 0.02% |
| http-client-engine-okhttp-jvm.jar | 115,499 | 115,536 | -37 | -0.03% |

@ianbotsf ianbotsf merged commit 9f44cdb into main Jan 28, 2025
16 checks passed
@ianbotsf ianbotsf deleted the fix-signing-h2h-headers branch January 28, 2025 18:33
xinsong-cui added a commit that referenced this pull request Jan 31, 2025
* fix: add 0.9.x aws-crt-kotlin transform (#1220)

* fix: Ensure `Host` header is included when signing auth tokens (#1222)

* chore: release 1.4.1

* chore: bump snapshot version to 1.4.2-SNAPSHOT

* fix: address various failing protocol tests (#1223)

* misc: re-enable `kotlinWarningsAsErrors=true` (#1224)

* fix: ignore hop-by-hop headers when signing requests (#1227)

* chore: release 1.4.2

* chore: bump snapshot version to 1.4.3-SNAPSHOT

* misc: add telemetry configuration to DefaultAwsSigner (#1226)

* add telemetry provider configuration

* lint

* address pr reviews

* add changelog

---------

Co-authored-by: Matas <[email protected]>
Co-authored-by: aws-sdk-kotlin-ci <[email protected]>
Co-authored-by: Ian Botsford <[email protected]>