GET requests and the payload parameter

rotatef / aws-sign4

Common Lisp library for Amazon Web Services signing version 4

GNU General Public License v3.0

18 stars 6 forks source link

GET requests and the payload parameter #7

Open asgeirb opened 4 years ago

asgeirb commented 4 years ago

In GET requests one must provide :payload "" in order to generate valid signatures. This is confusing and unnecessary.

This creates an invalid signature: (aws-sign4:aws-sign4 :region :us-east-1 :service "route53" :method :get :host "route53.amazonaws.com" :path "/2013-04-01/hostedzone")

This generates a valid signature: (aws-sign4:aws-sign4 :region :us-east-1 :service "route53" :method :get :payload "" :host "route53.amazonaws.com" :path "/2013-04-01/hostedzone")

asgeirb commented 4 years ago

Looking at the code I see payload=nil creates a UNSIGNED-PAYLOAD request (used in s3), but maybe there should be a special case for GET requests (as unsigned-payload is not relevant)