MOD: include zero content-length header if present #3127
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In Brief
This change addresses an issue in the SigV4 signing process where an explicit Content-Length: 0 header would be omitted from the set of signed headers.
Description of Problem
The v4 signer is responsible for building a canonical request, which includes a list of signed headers. The current implementation has two relevant behaviors:
It automatically adds the Content-Length header to the signed headers only if the request body's length is greater than zero (length > 0).
It iterates through the request's existing headers but contains a condition to always skip a header named Content-Length, to prevent it from being added twice.
The combination of these two behaviors means that if a request has a zero-length body and an explicit Content-Length: 0 header, the header is never included in the signature. This can lead to signature mismatch errors for AWS services that require Content-Length to be signed, even for empty bodies (e.g., S3 PutObject).
The Fix
This PR modifies the condition that skips existing Content-Length headers. Instead of unconditionally skipping it, the condition is now strings.EqualFold(k, contentLengthHeader) && length > 0.
This ensures that the pre-existing Content-Length header is only skipped if the signer has already handled it (because length > 0). If length is 0, the signer will now correctly process and sign an explicit Content-Length: 0 header found on the request.
How to Test
This can be verified with a unit test that creates a request with a zero-byte body, adds an explicit Content-Length: 0 header, and asserts that content-length is present in the canonical headers string generated by the signer.