fix: 🐛 Fix sigining countercheck because of additional enforced headers.

Hobart2967 · Oct 2, 2023 · 8b03a13 · 8b03a13
1 parent 322f005
commit 8b03a13
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/src/services/request-verification.service.ts b/src/services/request-verification.service.ts
@@ -95,6 +95,15 @@ export class RequestVerificationService {
 
     const headers = this.getCleansedHeaders(request, incomingSignature);
 
+    const extraHeadersToIgnore =
+      Object
+        .keys(request.headers)
+        .map(x => x.toLowerCase())
+        .filter(x => !incomingSignature.signedHeaders.includes(x))
+        .reduce((prev, cur) => ({ ...prev, [cur]: true }), {});
+
+    this._logger.debug('Ignored headers upon signing: ' + JSON.stringify(extraHeadersToIgnore));
+
     const signedCounterCheckRequest = this._signatureService.signRequestData(
       accessKeyId,
       secretKey, {
@@ -104,8 +113,9 @@ export class RequestVerificationService {
         body: request.rawBody || request.body || undefined,
         service: incomingSignature.credential.service,
         headers,
-        region: incomingSignature.credential.region
-      });
+        region: incomingSignature.credential.region,
+        extraHeadersToIgnore
+      } as any);
 
     const resultHeaders = signedCounterCheckRequest.headers as OutgoingHttpHeaders;
     if (resultHeaders['Authorization']) {