Question: Why define headers to sign

Question

FlorianLudwig opened this issue 2 years ago · comments

From reading the code of botocore it seems that they sign all headers except those in a blacklist:

SIGNED_HEADERS_BLACKLIST = [
    'expect',
    'user-agent',
    'x-amzn-trace-id',
]

httpx_auth on the other hand works with a include list approach.

Why?

Colin Bounouar · Answer 1 · Thu Feb 17 2022 05:05:44 GMT+0800 (China Standard Time)

Could you tell me what the issue is with this behavior?

ie: you need to exclude some header because of a specific issue?

Florian Ludwig · Answer 2 · Fri Apr 29 2022 22:41:58 GMT+0800 (China Standard Time)

I don't have an issue or specific use case. I was just comparing what boto does with what your code does. And wondered why they behave differently.

Colin Bounouar · Answer 3 · Sun Feb 18 2024 03:15:04 GMT+0800 (China Standard Time)

Hi @FlorianLudwig , latest version now behaves as documented by AWS. You can specify "*" in the headers to include if you want all of them.