only add the header when it's already exists

boto · Sep 3, 2024 · bbd449a · bbd449a
1 parent 8c2c3da
commit bbd449a
Showing 1 changed file with 15 additions and 7 deletions.
diff --git a/botocore/crt/auth.py b/botocore/crt/auth.py
@@ -81,7 +81,7 @@ def add_auth(self, request):
         else:
             explicit_payload = UNSIGNED_PAYLOAD
 
-        if self._should_add_content_sha256_header(explicit_payload):
+        if self._should_add_content_sha256_header(existing_sha256, explicit_payload):
             body_header = (
                 awscrt.auth.AwsSignedBodyHeaderType.X_AMZ_CONTENT_SHA_256
             )
@@ -169,7 +169,7 @@ def _should_sha256_sign_payload(self, request):
         # bit of metadata through the request context.
         return request.context.get('payload_signing_enabled', True)
 
-    def _should_add_content_sha256_header(self, explicit_payload):
+    def _should_add_content_sha256_header(self, existing_sha256, explicit_payload):
         # only add X-Amz-Content-SHA256 header if payload is explicitly set
         return explicit_payload is not None
 
@@ -278,7 +278,7 @@ def add_auth(self, request):
         else:
             explicit_payload = UNSIGNED_PAYLOAD
 
-        if self._should_add_content_sha256_header(explicit_payload):
+        if self._should_add_content_sha256_header(existing_sha256, explicit_payload):
             body_header = (
                 awscrt.auth.AwsSignedBodyHeaderType.X_AMZ_CONTENT_SHA_256
             )
@@ -371,7 +371,7 @@ def _should_sha256_sign_payload(self, request):
         # bit of metadata through the request context.
         return request.context.get('payload_signing_enabled', True)
 
-    def _should_add_content_sha256_header(self, explicit_payload):
+    def _should_add_content_sha256_header(self, existing_sha256, explicit_payload):
         # only add X-Amz-Content-SHA256 header if payload is explicitly set
         return explicit_payload is not None
 
@@ -421,7 +421,7 @@ def _should_sha256_sign_payload(self, request):
         # checks.
         return super()._should_sha256_sign_payload(request)
 
-    def _should_add_content_sha256_header(self, explicit_payload):
+    def _should_add_content_sha256_header(self, existing_sha256, explicit_payload):
         # Always add X-Amz-Content-SHA256 header
         return True
 
@@ -494,6 +494,10 @@ def _apply_signing_changes(self, aws_request, signed_crt_request):
         # fragment - 4
         aws_request.url = urlunsplit((p[0], p[1], p[2], signed_query, p[4]))
 
+    def _should_add_content_sha256_header(self, existing_sha256, explicit_payload):
+        # only add X-Amz-Content-SHA256 header if header already exists.
+        return existing_sha256 is not None
+
 
 class CrtS3SigV4AsymQueryAuth(CrtSigV4AsymQueryAuth):
     """S3 SigV4A auth using query parameters.
@@ -512,7 +516,7 @@ def _should_sha256_sign_payload(self, request):
         # payload. Instead, you use a constant string "UNSIGNED-PAYLOAD".
         return False
 
-    def _should_add_content_sha256_header(self, explicit_payload):
+    def _should_add_content_sha256_header(self, existing_sha256, explicit_payload):
         # Never add X-Amz-Content-SHA256 header
         return False
 
@@ -591,6 +595,10 @@ def _apply_signing_changes(self, aws_request, signed_crt_request):
         # fragment - 4
         aws_request.url = urlunsplit((p[0], p[1], p[2], signed_query, p[4]))
 
+    def _should_add_content_sha256_header(self, existing_sha256, explicit_payload):
+        # only add X-Amz-Content-SHA256 header if header already exists.
+        return existing_sha256 is not None
+
 
 class CrtS3SigV4QueryAuth(CrtSigV4QueryAuth):
     """S3 SigV4 auth using query parameters.
@@ -611,7 +619,7 @@ def _should_sha256_sign_payload(self, request):
         # payload. Instead, you use a constant string "UNSIGNED-PAYLOAD".
         return False
 
-    def _should_add_content_sha256_header(self, explicit_payload):
+    def _should_add_content_sha256_header(self, existing_sha256, explicit_payload):
         # Never add X-Amz-Content-SHA256 header
         return False