
@yteraoka

Hello, and thanks for providing this useful package.

I'm using this package to proxy traffic for Terraform, specifically for managing AWS resources. During this process, I encountered InvalidSignatureException errors on certain AWS API requests. After investigating, I found that the issue was due to the package rewriting the Accept-Encoding header to gzip.

These specific requests include the Accept-Encoding header in their AWS Signature Version 4 calculation. The original header value was identity, which is a valid value for requesting no compression. Since identity isn't an unsupported encoding, I've updated the code to preserve it instead of rewriting it.

The change allows requests with an Accept-Encoding header of identity to pass through, resolving the signature mismatch and the resulting InvalidSignatureException.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Accept-Encoding

Example Error Message

```
api error InvalidSignatureException:
The request signature we calculated does not match the signature you provided.
Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
```

Example Authorization Header

```
Authorization: AWS4-HMAC-SHA256 Credential=ASI*****************/20250910/ap-northeast-1/dynamodb/aws4_request, SignedHeaders=accept-encoding;amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date;x-amz-security-token;x-amz-target, Signature=335d05b91d1de28bf4e06f11224e12b53e9c065a0b6ffb2592bd63b32479f057
```

Thanks again. Please feel free to merge this when you have a moment.

Some AWS SDK API requests include the Accept-Encoding header
in the signature calculation. Previously, any non-empty
Accept-Encoding header was rewritten to `gzip`.
This caused a signature mismatch and resulted in an
InvalidSignatureException error when the original value was
`identity`.

The `identity` value specifies that no compression should be
used, so it is a valid and supported encoding that should
not be changed. This change ensures that the header value is
only rewritten if it's not identity, allowing the original
value to be used for the signature calculation.
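
The mismatch described in this PR, reproduced as an added example (not code from the package or from the PR): a simplified SigV4 signer for a POST to `/`, plus two hypothetical functions, `rewrite_old` and `rewrite_patched`, that model the header handling before and after the change. The secret key, timestamp and body are constructed, and only three headers are signed to keep it short.

```python
import hashlib
import hmac

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sigv4_signature(secret, headers, signed, body, amz_date, region, service):
    """SigV4 signature for a POST to "/" with an empty query string."""
    lower = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    names = sorted(signed)
    canonical_headers = "".join(f"{n}:{lower[n]}\n" for n in names)
    canonical_request = "\n".join(["POST", "/", "", canonical_headers,
                                   ";".join(names), hashlib.sha256(body).hexdigest()])
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canonical_request.encode()).hexdigest()])
    key = ("AWS4" + secret).encode()
    for part in (amz_date[:8], region, service, "aws4_request"):
        key = _hmac(key, part)  # derive the signing key step by step
    return _hmac(key, string_to_sign).hex()

def rewrite_old(headers):
    """Pre-change behaviour per the PR: any non-empty Accept-Encoding becomes gzip."""
    out = dict(headers)
    if out.get("Accept-Encoding"):
        out["Accept-Encoding"] = "gzip"
    return out

def rewrite_patched(headers):
    """Post-change behaviour per the PR: identity is left untouched."""
    out = dict(headers)
    if out.get("Accept-Encoding") and out["Accept-Encoding"] != "identity":
        out["Accept-Encoding"] = "gzip"
    return out

# Constructed sample request; the key, timestamp and body are made up.
SECRET, BODY = "constructed-secret-key", b"{}"
SIGNED = ["accept-encoding", "host", "x-amz-date"]
HEADERS = {"Accept-Encoding": "identity", "X-Amz-Date": "20250910T000000Z",
           "Host": "dynamodb.ap-northeast-1.amazonaws.com"}

def server_accepts(rewrite, headers=HEADERS):
    """Sign as the client, pass through the proxy, re-derive as the service."""
    args = (SIGNED, BODY, headers["X-Amz-Date"], "ap-northeast-1", "dynamodb")
    client_sig = sigv4_signature(SECRET, headers, *args)
    server_sig = sigv4_signature(SECRET, rewrite(headers), *args)
    return hmac.compare_digest(client_sig, server_sig)

print("old:", server_accepts(rewrite_old), "patched:", server_accepts(rewrite_patched))
```

A signed `Accept-Encoding` with any value other than `identity`, such as `gzip, deflate`, is still rewritten by the patched logic modelled here and still fails verification.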

@windsurf-bot windsurf-bot bot left a comment


Looks good to me 🤙

💡 To request another review, post a new comment with "/windsurf-review".
