search

Colin-b / httpx_auth

Authentication classes to be used with httpx
MIT License
114 stars 26 forks source link

Question: Why define headers to sign #50

Closed FlorianLudwig closed 6 months ago

FlorianLudwig commented 2 years ago

From reading the code of botocore it seems that they sign all headers except those in a blacklist:

SIGNED_HEADERS_BLACKLIST = [
    'expect',
    'user-agent',
    'x-amzn-trace-id',
]

httpx_auth on the other hand works with a include list approach.

Why?

Colin-b commented 2 years ago

Hi @FlorianLudwig,

Could you tell me what the issue is with this behavior?

ie: you need to exclude some header because of a specific issue?

FlorianLudwig commented 2 years ago

Hi @Colin-b ,

I don't have an issue or specific use case. I was just comparing what boto does with what your code does. And wondered why they behave differently.

Colin-b commented 6 months ago

Hi @FlorianLudwig , latest version now behaves as documented by AWS. You can specify "*" in the headers to include if you want all of them.