Bugfix/consistent urlencoding #57
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thank you! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
#56
The proposed change is to "normalize" the url by calling getIntendedUrl() before calculating the signature in order to ensure the url is parsed the same way as it is returned after the final signature (appending the expires and signature query params). This way the url is url encoded consistently (special characters in the query params too).
Tests are added to validate this behaviour.
At the same time a test is added for a case when url includes reserved (expires and signature) query param keys. By design, these params are automatically overridden, that I think is the expected behaviour.
Before this change the validation always failed, because the signature was calculated on the full "raw" url including the reserved query params. However since the original query params are overridden the signature will never not match (at validation the signature is calculated without the reserved query params).