From bbd449a867e2b74a7ffb6cdf01785000c86773f8 Mon Sep 17 00:00:00 2001
From: Dengke
Date: Tue, 3 Sep 2024 15:10:45 -0700
Subject: [PATCH 1/2] only add the header when it's already exists
---
 botocore/crt/auth.py | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/botocore/crt/auth.py b/botocore/crt/auth.py
index 0d1a81def4..52dcd4e088 100644
--- a/botocore/crt/auth.py
+++ b/botocore/crt/auth.py
@@ -81,7 +81,7 @@ def add_auth(self, request):
 else:
 explicit_payload = UNSIGNED_PAYLOAD
- if self._should_add_content_sha256_header(explicit_payload):
+ if self._should_add_content_sha256_header(existing_sha256, explicit_payload):
 body_header = (
 awscrt.auth.AwsSignedBodyHeaderType.X_AMZ_CONTENT_SHA_256
 )
@@ -169,7 +169,7 @@ def _should_sha256_sign_payload(self, request):
 # bit of metadata through the request context.
 return request.context.get('payload_signing_enabled', True)
- def _should_add_content_sha256_header(self, explicit_payload):
+ def _should_add_content_sha256_header(self, existing_sha256, explicit_payload):
 # only add X-Amz-Content-SHA256 header if payload is explicitly set
 return explicit_payload is not None
@@ -278,7 +278,7 @@ def add_auth(self, request):
 else:
 explicit_payload = UNSIGNED_PAYLOAD
- if self._should_add_content_sha256_header(explicit_payload):
+ if self._should_add_content_sha256_header(existing_sha256, explicit_payload):
 body_header = (
 awscrt.auth.AwsSignedBodyHeaderType.X_AMZ_CONTENT_SHA_256
 )
@@ -371,7 +371,7 @@ def _should_sha256_sign_payload(self, request):
 # bit of metadata through the request context.
 return request.context.get('payload_signing_enabled', True)
- def _should_add_content_sha256_header(self, explicit_payload):
+ def _should_add_content_sha256_header(self, existing_sha256, explicit_payload):
 # only add X-Amz-Content-SHA256 header if payload is explicitly set
 return explicit_payload is not None
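Review bot: The base `_should_add_content_sha256_header` hook (hunk at -169, and the identical edit at -371) gains a required `existing_sha256` parameter that neither base body reads, and the comment above the `return` does not say what the value holds. Because `add_auth` now always passes two arguments (hunks at -81 and -278), any subclass outside this file that still overrides the hook with the old one-argument signature would raise a TypeError while signing; the hook is underscore-private, so this matters only for code that already subclasses these signers. I would document the contract where the hook is defined, for example `# existing_sha256: X-Amz-Content-SHA256 value already on the request, or None (assumed; it is assigned outside these hunks)`. The enclosing classes and the rest of `add_auth` lie outside the hunks.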
@@ -421,7 +421,7 @@ def _should_sha256_sign_payload(self, request):
 # checks.
 return super()._should_sha256_sign_payload(request)
- def _should_add_content_sha256_header(self, explicit_payload):
+ def _should_add_content_sha256_header(self, existing_sha256, explicit_payload):
 # Always add X-Amz-Content-SHA256 header
 return True
@@ -494,6 +494,10 @@ def _apply_signing_changes(self, aws_request, signed_crt_request):
 # fragment - 4
 aws_request.url = urlunsplit((p[0], p[1], p[2], signed_query, p[4]))
+ def _should_add_content_sha256_header(self, existing_sha256, explicit_payload):
+ # only add X-Amz-Content-SHA256 header if header already exists.
+ return existing_sha256 is not None
+
 class CrtS3SigV4AsymQueryAuth(CrtSigV4AsymQueryAuth):
 """S3 SigV4A auth using query parameters.
@@ -512,7 +516,7 @@ def _should_sha256_sign_payload(self, request):
 # payload. Instead, you use a constant string "UNSIGNED-PAYLOAD".
 return False
- def _should_add_content_sha256_header(self, explicit_payload):
+ def _should_add_content_sha256_header(self, existing_sha256, explicit_payload):
 # Never add X-Amz-Content-SHA256 header
 return False
@@ -591,6 +595,10 @@ def _apply_signing_changes(self, aws_request, signed_crt_request):
 # fragment - 4
 aws_request.url = urlunsplit((p[0], p[1], p[2], signed_query, p[4]))
+ def _should_add_content_sha256_header(self, existing_sha256, explicit_payload):
+ # only add X-Amz-Content-SHA256 header if header already exists.
+ return existing_sha256 is not None
+
 class CrtS3SigV4QueryAuth(CrtSigV4QueryAuth):
 """S3 SigV4 auth using query parameters.
@@ -611,7 +619,7 @@ def _should_sha256_sign_payload(self, request):
 # payload. Instead, you use a constant string "UNSIGNED-PAYLOAD".
 return False
- def _should_add_content_sha256_header(self, explicit_payload):
+ def _should_add_content_sha256_header(self, existing_sha256, explicit_payload):
 # Never add X-Amz-Content-SHA256 header
 return False
From f1e047d6c1d6c58b7e00ffeb831960078cd4a566 Mon Sep 17 00:00:00 2001
From: Dengke
Date: Tue, 3 Sep 2024 15:49:17 -0700
Subject: [PATCH 2/2] make the behavior more clear from the Python code instead of buried behind the C implementation
---
 botocore/crt/auth.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/botocore/crt/auth.py b/botocore/crt/auth.py
index 52dcd4e088..7ac4477076 100644
--- a/botocore/crt/auth.py
+++ b/botocore/crt/auth.py
@@ -495,8 +495,8 @@ def _apply_signing_changes(self, aws_request, signed_crt_request):
 aws_request.url = urlunsplit((p[0], p[1], p[2], signed_query, p[4]))
 def _should_add_content_sha256_header(self, existing_sha256, explicit_payload):
- # only add X-Amz-Content-SHA256 header if header already exists.
- return existing_sha256 is not None
+ # only add X-Amz-Content-SHA256 header if header already set to UNSIGNED_PAYLOAD
+ return existing_sha256 == UNSIGNED_PAYLOAD
 class CrtS3SigV4AsymQueryAuth(CrtSigV4AsymQueryAuth):
@@ -596,8 +596,8 @@ def _apply_signing_changes(self, aws_request, signed_crt_request):
 aws_request.url = urlunsplit((p[0], p[1], p[2], signed_query, p[4]))
 def _should_add_content_sha256_header(self, existing_sha256, explicit_payload):
- # only add X-Amz-Content-SHA256 header if header already exists.
- return existing_sha256 is not None
+ # only add X-Amz-Content-SHA256 header if header already set to UNSIGNED_PAYLOAD
+ return existing_sha256 == UNSIGNED_PAYLOAD
 class CrtS3SigV4QueryAuth(CrtSigV4QueryAuth):
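Review bot: `return existing_sha256 == UNSIGNED_PAYLOAD` at +495 (and the same line at +596) is an exact comparison. A caller-supplied X-Amz-Content-SHA256 that carries a real hash, or any value that is not a `str` equal to the constant, now yields False, so the `X_AMZ_CONTENT_SHA_256` body-header type seen in the -81 hunk of the first patch is not selected for the presigned request. How `existing_sha256` is read from the request is outside these hunks, so it cannot be confirmed here whether such a header stays on the request and remains covered by the signature. The diffstat of both patches lists only `botocore/crt/auth.py`, so a unit test for the three cases (header absent, header equal to the unsigned-payload constant, header set to a hash) would pin the intended behaviour. `explicit_payload` is unused in this override; a comment such as `# explicit_payload is not consulted for query auth; only a header the caller already set to UNSIGNED_PAYLOAD is re-added` would record that.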