Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow exclusion of headers from signature #1442

Open
chris-gilbert-2 opened this issue May 17, 2024 · 1 comment
Open

Allow exclusion of headers from signature #1442

chris-gilbert-2 opened this issue May 17, 2024 · 1 comment

Comments

@chris-gilbert-2
Copy link

Hi all, I am trying to do something that doesn't appear possible currently, but I think could be possible with a small update. Let me explain the problem I am trying to address, and how I think it could be achieved.

In development and test environments, for non AWS http services we proxy requests via Wiremock - this means that normally requests go to the external service but we can override that behaviour on a per request basis by adding a matching rule so a stubbed response is returned.

This makes per-request behaviour nice and easy to manage - we don't have to re-route requests within our code - just override the default routing by adding a specific matching rule to Wiremock as part of test code.

For calls to a private API gateway we are using aws4-axios, and the problem here is that if we try to proxy via Wiremock, the host header in the signature doesn't match - the signature is created based on a wiremock host, but when a proxied request reaches AWS, the host header has been updated by Wiremock to the private API gateway address.

In our development and test environments we would be comfortable excluding the host header completely from the signature for private api calls, and looking at aws4 source code it seems like that is possible by just adding extraHeadersToIgnore to the request. Looking at aws4-axios, I think that could be as simple as specifying it in here so if it was added to the SigningOptions type and passed through when present that would probably work.

If that sounds reasonable, is it a change you would consider accepting as a PR? I'm happy to contribute if you think this is an okay idea.

Thanks
@chris-gilbert-2
Copy link
Author

Actually, this won't solve my problem at all - it works, but host header is mandatory in our situation, it gets validated when the signature is authenticated at the server end.

I guess as a general principle it might be useful to allow configuration like extraHeadersToIgnore, available in the aws4 interface, to be passed through from aws4-axios, but unless anyone's crying out for that, this issue is probably best just closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@chris-gilbert-2