AWS Signature Verification Fails when variables used in request body #684

Closed
los93sol opened this issue May 1, 2024 · 10 comments

los93sol commented May 1, 2024

If I use any variables in an AWS request, it fails signature verification. It looks like variables may not be getting replaced in the body before signing, resulting in invalid signatures.

Author

los93sol commented May 1, 2024

The content-length header is also incorrect when using variables in these request bodies. Additionally, I do not see the x-amz-content-sha256 header present either, so there appear to be multiple issues that will need to be addressed.

Owner

AnWeber commented May 1, 2024

The incorrect Content-Length and the invalid Authorization header can be explained by the fact that I chose the wrong order for processing. The header was created first and then the body variables were replaced. I have now reversed the order.
The missing x-amz-content-sha256 header is an issue with the lib I am using. There is already a bug ticket there. I'll have a read and see what the best way is to fix it.

Owner

AnWeber commented May 1, 2024

Ok. If I understand the documentation and the Java code for signing correctly, the header is only required for S3 and not otherwise. In this case, however, the lib inserts the header. So if it does cause problems, please let me know. I wouldn't change the functionality now, but I don't have an AWS account for testing.

Author

los93sol commented May 1, 2024

Awesome! Thank you for turning that around so quickly. As a workaround for ordering, I set the request.body in a pre-request script, and that made the signature valid but difficult to read and understand.

Author

los93sol commented May 1, 2024

After performing the workaround with the prescript, everything went through fine, so for my case it turns out the sha header is not required.

Owner

AnWeber commented May 2, 2024

Thx for your feedback. I will close this issue as completed.

AnWeber closed this as completed May 2, 2024

@LaurenceGA

@AnWeber

Not sure if it's related, but I have found that requests also fail if there is any query string at all (using latest version). Could it be a similar issue?

Owner

AnWeber commented May 5, 2024

@LaurenceGA should not be related, but I will test. Is this behaviour a new issue?

Owner

AnWeber commented May 5, 2024

@LaurenceGA I accidentally did not insert the Query parameter in the signing request. This will be fixed with the next release.

@LaurenceGA

@AnWeber Awesome, thank you 🙏
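
The two ordering problems discussed in this thread (signing before body variables are replaced, and leaving the query string out of the signing request), as an added JavaScript example that is not the project's or its signing library's code: a minimal SigV4 computation showing that a verifier, which recomputes the signature over what it actually receives, rejects both. The credentials, host, path, `{{user}}` placeholder syntax and the `resolve` helper are constructed assumptions.

```javascript
const crypto = require('crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');
const hmac = (key, s) => crypto.createHmac('sha256', key).update(s, 'utf8').digest();
// RFC 3986 encoding as SigV4 expects (encodeURIComponent leaves !'()* unescaped).
const enc = (s) => encodeURIComponent(s)
  .replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// Constructed placeholder credentials and scope (not real values).
const SECRET = 'EXAMPLE-SECRET-KEY';
const AMZ_DATE = '20240501T000000Z';
const SCOPE = '20240501/us-east-1/execute-api/aws4_request';

// SigV4 signature over method, path, sorted query, two signed headers and the body hash.
// Assumes a path that needs no further URI encoding.
function signature({ method, path, query = {}, host, body }) {
  const canonicalQuery = Object.keys(query).sort()
    .map((k) => `${enc(k)}=${enc(query[k])}`).join('&');
  const canonicalRequest = [
    method, path, canonicalQuery,
    `host:${host}\nx-amz-date:${AMZ_DATE}\n`,
    'host;x-amz-date',
    sha256(body), // any change to the body changes the signature
  ].join('\n');
  const stringToSign =
    ['AWS4-HMAC-SHA256', AMZ_DATE, SCOPE, sha256(canonicalRequest)].join('\n');
  const key = SCOPE.split('/').reduce((k, part) => hmac(k, part), 'AWS4' + SECRET);
  return hmac(key, stringToSign).toString('hex');
}

// Hypothetical {{name}} substitution standing in for the client's variable replacement.
const resolve = (template, vars) => template.replace(/\{\{(\w+)\}\}/g, (_, n) => vars[n]);
// The receiving side recomputes the signature over the body and query it got.
const verifies = (received, sig) => signature(received) === sig;

const template = '{"user":"{{user}}"}';
const sent = { method: 'POST', path: '/items', query: { page: '2' },
  host: 'api.example.com', body: resolve(template, { user: 'alice' }) };

function demo() {
  return {
    signedBeforeSubstitution: verifies(sent, signature({ ...sent, body: template })),
    signedWithoutQuery: verifies(sent, signature({ ...sent, query: {} })),
    signedAsSent: verifies(sent, signature(sent)),
    lengthBeforeSubstitution: Buffer.byteLength(template),
    lengthAsSent: Buffer.byteLength(sent.body),
  };
}
console.log(demo());
```

The two length fields show why a Content-Length computed before substitution is also wrong for the body that goes on the wire.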
