Comments (7)
lucix-aws
commented on June 9, 2024
@sarahzinger -- Is your custom HTTP client implementation modifying the request in any way? (it's not immediately clear to me from the linked code)
Modifying the request within the HTTP client itself is liable to invalidate the request signature.
from aws-sdk-go.
github-actions
commented on June 9, 2024
This issue has not received a response in 1 week. If you want to keep this issue open, please just leave a comment below and auto-close will be canceled.
from aws-sdk-go.
dafydd-t
commented on June 9, 2024
Hi @lucix-aws . We send the request via a SOCKs proxy, but the request is not modified in any way. As the code shows, however, we do replace the HTTPClient's transport to use our Transport which contains the socks dialer.
I wonder, what is happening within your transport that might cause replacing it to invalidate the signature?
from aws-sdk-go.
lucix-aws
commented on June 9, 2024
I wonder, what is happening within your transport that might cause replacing it to invalidate the signature?
As far as we're concerned the SDK is just using the default net/http client (not literally http.DefaultClient per se but we are using the standard library's implementation)
Note that I'm not necessarily just talking about mutation of the request, extension (generally via additional headers inserted by the proxy) can also invalidate the signature. We've seen this happen fairly often with inserting proxies into the request workflow - generally the proxy will add a forwarding header (usually X-Forwarded-For) which breaks the signature, which is calculated using all X-* headers.
from aws-sdk-go.
dafydd-t
commented on June 9, 2024
I am quite sure that the use of the SOCKS proxy dialer is completely transparent to the target of the original request: The socks proxy we use can forward any TCP requests, so it would not make any changes specific to the HTTP protocol (like headers).
Are anything other than X-* headers used to calculate the signature?
from aws-sdk-go.
lucix-aws
commented on June 9, 2024
You can read more about the sigv4 algorithm here.
Beyond that though I'm going to close this issue. If the default configuration is working, and a caller-provided custom transport causes the issue to surface, we can only assume it's a fault of that customization absent evidence to the contrary. The only advice I can give you based on this information is to compare requests as outgoing from the SDK and as outgoing from the proxy to verify whether anything is being changed.
from aws-sdk-go.
github-actions
commented on June 9, 2024
⚠️ COMMENT VISIBILITY WARNING⚠️
Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
from aws-sdk-go.
Related Issues (20)
- Gets an empty Access Policy for Cloud Search Domain HOT 4
- Add a function to get Cloud Search Domain Tags HOT 2
- PutObjectWithContext SerializationError: failed to determine start of request body HOT 2
- Cost Explorer Api. Can't group request by Tag. HOT 2
- Support EFS replication overwrite protection values HOT 4
- Token provider in EC2 metadata does not respect the logging decision HOT 3
- Context canceled error on sfn.StartExecutionWithContext after lib update HOT 2
- Failed to create fleet instance: InvalidParameterValue: Parameter 'amiIdList' cannot be empty. HOT 2
- No EC2 IMDS role found HOT 4
- S3 GetObjectRequest flakily has empty RequestID HOT 2
- RequestContext.Authorizer differs between REST gateway vs HTTP gateway HOT 2
- sso-session config file section doen't work. HOT 7
- identitystore apis failing with url error HOT 2
- Panic / segfault (SIGSEGV) during an active EC2 ssh session (with aws ssm & SSO) HOT 2
- PutObject does not add Content-Length in the headers when it is specified in the parameters and the body is not Seekable HOT 2
- Calling ListBucket result error, only return partial result HOT 1
- SSO Cache filename should be based on `sso_session` in addition to `sso_start_url` HOT 4
- For outbound https/tls connections please have the tls server name set HOT 2
- No paginator for DescribeLockedSnapshots?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws-sdk-go.