fix: Add x-amz-content-sha256 to CanonicalHeaders (#179)

nginxinc · Oct 16, 2023 · 085ae0f · 085ae0f
1 parent 2134898
commit 085ae0f
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/common/etc/nginx/include/awssig4.js b/common/etc/nginx/include/awssig4.js
@@ -28,7 +28,7 @@ const mod_hmac = require('crypto');
  * Constant defining the headers being signed.
  * @type {string}
  */
-const DEFAULT_SIGNED_HEADERS = 'host;x-amz-date';
+const DEFAULT_SIGNED_HEADERS = 'host;x-amz-content-sha256;x-amz-date';
 
 /**
  * Create HTTP Authorization header for authenticating with an AWS compatible
@@ -76,6 +76,7 @@ function _buildCanonicalRequest(r,
     method, uri, queryParams, host, amzDatetime, sessionToken) {
     const payloadHash = awsHeaderPayloadHash(r);
     let canonicalHeaders = 'host:' + host + '\n' +
+                           'x-amz-content-sha256:' + payloadHash + '\n' +
                            'x-amz-date:' + amzDatetime + '\n';
 
     if (sessionToken && sessionToken.length > 0) {

diff --git a/test/unit/awssig4_test.js b/test/unit/awssig4_test.js
@@ -74,7 +74,7 @@ function _runSignatureV4(r) {
     const canonicalRequest = awssig4._buildCanonicalRequest(r, 
         r.method, req.uri, req.queryParams, req.host, amzDatetime, creds.sessionToken);
 
-    var expected = '600721cacc21e3de14416de7517868381831f4709e5c5663bbf2b738e4d5abe4';
+    var expected = 'cf4dd9e1d28c74e2284f938011efc8230d0c20704f56f67e4a3bfc2212026bec';
     var signature = awssig4._buildSignatureV4(r, 
         amzDatetime, eightDigitDate, creds, region, service, canonicalRequest);