Closed shulin-sq closed 3 months ago
go get -u github.com/aws/aws-sdk-go-v2/...
while using the sigv4a library (based on https://github.com/aws/aws-sdk-go-v2/commit/9805a196767e31076150a0e5ff38e2356a93e840) we were getting "IncompleteSignatureException: 'connection' is named as a SignedHeader, but it does not exist in the HTTP request." despite connection header being part of the http request.
"IncompleteSignatureException: 'connection' is named as a SignedHeader, but it does not exist in the HTTP request."
for the signature to be accepted. I'm also curious why excluding the connection header as part of the signature seems to work?
2024/04/02 23:05:22 [post-signing] Translated URL: REDACTED 2024/04/02 23:05:22 [post-signing] Translated Header: map[Accept:[*/*] Authorization:[AWS4-ECDSA-P256-SHA256 Credential=REDACTED/20240402/vpc-lattice-svcs/aws4_request, SignedHeaders=accept;connection;host;x-amz-content-sha256;x-amz-date;x-amz-region-set;x-amz-security-token;REDACTED, Signature=REDACTED] Connection:[Keep-Alive] User-Agent:[curl/7.29.0] X-Amz-Content-Sha256:[UNSIGNED-PAYLOAD] X-Amz-Date:[20240402T230522Z] X-Amz-Region-Set:[*] X-Amz-Security-Token:REDACTED] REDACTED]
as per this example connection is part of SignedHeaders and is part of the http request
I noticed in the java sdk, connection is added as an ignored header https://github.com/aws/aws-sdk-java-v2/blob/dc695de6ab49ad03934e1b02e7263abbd2354be0/core/auth/src/main/java/software/amazon/awssdk/auth/signer/internal/AbstractAws4Signer.java#L59 adding it to this list https://github.com/aws/aws-sdk-go-v2/blob/50d16cfc5c2a6bd414d66122cc45154eb5483f23/aws/signer/internal/v4/headers.go#L7 seemed to resolve the issue. However I'd like to know more about why this header needs to be ignored.
No response
we're using an internal copy of https://github.com/aws/aws-sdk-go-v2/commit/9805a196767e31076150a0e5ff38e2356a93e840 where the sigv4a library is not in an internal package
go 1.21.5
Oracle Linux 8
Acknowledgements
go get -u github.com/aws/aws-sdk-go-v2/...)Describe the bug
while using the sigv4a library (based on https://github.com/aws/aws-sdk-go-v2/commit/9805a196767e31076150a0e5ff38e2356a93e840) we were getting
"IncompleteSignatureException: 'connection' is named as a SignedHeader, but it does not exist in the HTTP request."despite connection header being part of the http request.Expected Behavior
for the signature to be accepted. I'm also curious why excluding the connection header as part of the signature seems to work?
Current Behavior
"IncompleteSignatureException: 'connection' is named as a SignedHeader, but it does not exist in the HTTP request."
Reproduction Steps
as per this example connection is part of SignedHeaders and is part of the http request
Possible Solution
I noticed in the java sdk, connection is added as an ignored header https://github.com/aws/aws-sdk-java-v2/blob/dc695de6ab49ad03934e1b02e7263abbd2354be0/core/auth/src/main/java/software/amazon/awssdk/auth/signer/internal/AbstractAws4Signer.java#L59 adding it to this list https://github.com/aws/aws-sdk-go-v2/blob/50d16cfc5c2a6bd414d66122cc45154eb5483f23/aws/signer/internal/v4/headers.go#L7 seemed to resolve the issue. However I'd like to know more about why this header needs to be ignored.
Additional Information/Context
No response
AWS Go SDK V2 Module Versions Used
we're using an internal copy of https://github.com/aws/aws-sdk-go-v2/commit/9805a196767e31076150a0e5ff38e2356a93e840 where the sigv4a library is not in an internal package
Compiler and Version used
go 1.21.5
Operating System and version
Oracle Linux 8