mxxk
commented
3 months ago @ryanblock since you reviewed #158, I wanted to ask for your 👀 on this PR! 🙂
Closed mxxk closed 2 months ago
mxxk
commented
3 months ago @ryanblock since you reviewed #158, I wanted to ask for your 👀 on this PR! 🙂
mhart
commented
2 months ago Awesome, thanks for this and apologies for taking so long – I included this in v1.13.1
The options
extraHeadersToIncludeandextraHeadersToIgnore(added in https://github.com/mhart/aws4/commit/180aebd429f4afc3bcf2e370ae683e1b7b23a085) currently control whether headers are present in (or excluded from) signed headers,https://github.com/mhart/aws4/blob/7e2d1cb64f9f604f5a303cd85f19c32f4f5f131a/aws4.js#L310-L321
but neither option has any effect on the canonical headers:
https://github.com/mhart/aws4/blob/7e2d1cb64f9f604f5a303cd85f19c32f4f5f131a/aws4.js#L298-L308
This causes problems with signature calculation: When AWS computes canonical headers, it uses the list of signed headers to determine what headers to include in the canonical headers. If the list of signed headers does not match the headers in the canonical headers, the signature verification fails (see new integration tests).
Fixes #167. Fixes #157. Supersedes #158.