signature_v4_auth only produces unsigned payload requests #59
Comments
|
I'll look into this. Thanks for raising it! |
|
Also, looking at the code, wow. I feel like the |
|
Looking more into this, according to the docs the signed body is required (and certainly features in all of their examples). But we've not generated it so far. So I'm unsure whether I should change it to generate that by default. |
|
It shouldn't hurt unless the caller has changed the body. But good question - it would be nice to have a general |
|
Okay, I've released a version which has the facility to generate that header. So it can at least be used by packages. When I have a better idea of how to test it, it can switch to default |
Please specify whether your issue is about:
signature_v4_auth()produces unsigned payload requests, because it doesn't addx-amz-content-sha256to the canonical headers (see https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html). It does compute the body hash which is needed, so it would be really easy forsignature_v4_auth()to add an option to includex-amz-content-sha256in the computation (e.g.signed_payload=TRUE). It is much harder for the caller to do it, because it would have to either callsignature_v4_auth()twice (once to get the body hash and second time to actually sign it) or compute the body hash manually and add it to the explicit canonical headers.Apparently some back-ends require signed payload (see cloudyr/aws.s3#362 ) and Amazon may, too, at some point so it would be good to add this.
The text was updated successfully, but these errors were encountered: