refactor: extractSignedHeaders() handles headers removed by Go http server (#4054)

* refactor: extractSignedHeaders() handles headers removed by Go http server. * Cleanup extractSignedHeaders() TestExtractSignedHeaders()
2025-11-09 05:34:56 -05:00 · 2017-04-05 17:00:24 -07:00
parent af82d27018
commit 1d99a560e3
6 changed files with 59 additions and 73 deletions
--- a/cmd/signature-v4-utils.go
+++ b/cmd/signature-v4-utils.go
@@ -21,6 +21,7 @@ import (
 	"encoding/hex"
 	"net/http"
 	"regexp"
+	"strconv"
 	"strings"
 	"unicode/utf8"

@@ -119,7 +120,14 @@ func extractSignedHeaders(signedHeaders []string, r *http.Request) (http.Header,
 		// `host` will not be found in the headers, can be found in r.Host.
 		// but its alway necessary that the list of signed headers containing host in it.
 		val, ok := reqHeaders[http.CanonicalHeaderKey(header)]
-		if !ok {
+		if ok {
+			for _, enc := range val {
+				extractedSignedHeaders.Add(header, enc)
+			}
+			continue
+		}
+		switch header {
+		case "expect":
 			// Golang http server strips off 'Expect' header, if the
 			// client sent this as part of signed headers we need to
 			// handle otherwise we would see a signature mismatch.
@@ -136,24 +144,23 @@ func extractSignedHeaders(signedHeaders []string, r *http.Request) (http.Header,
 			// be sent, for the time being keep this work around.
 			// Adding a *TODO* to remove this later when Golang server
 			// doesn't filter out the 'Expect' header.
-			if header == "expect" {
-				extractedSignedHeaders[header] = []string{"100-continue"}
-				continue
+			extractedSignedHeaders.Set(header, "100-continue")
+		case "host":
+			// Go http server removes "host" from Request.Header
+			extractedSignedHeaders.Set(header, r.Host)
+		case "transfer-encoding":
+			// Go http server removes "host" from Request.Header
+			for _, enc := range r.TransferEncoding {
+				extractedSignedHeaders.Add(header, enc)
 			}
-			// the "host" field will not be found in the header map, it can be found in req.Host.
-			// but its necessary to make sure that the "host" field exists in the list of signed parameters,
-			// the check is done above.
-			if header == "host" {
-				continue
-			}
-			if header == "transfer-encoding" {
-				extractedSignedHeaders[header] = r.TransferEncoding
-				continue
-			}
-			// If not found continue, we will stop here.
+		case "content-length":
+			// Signature-V4 spec excludes Content-Length from signed headers list for signature calculation.
+			// But some clients deviate from this rule. Hence we consider Content-Length for signature
+			// calculation to be compatible with such clients.
+			extractedSignedHeaders.Set(header, strconv.FormatInt(r.ContentLength, 10))
+		default:
 			return nil, ErrUnsignedHeaders
 		}
-		extractedSignedHeaders[header] = val
 	}
 	return extractedSignedHeaders, ErrNone
 }