fix(sigv4): Do not chunk GET/HEAD on Web

Dillon Nys · dnys1 · commit f7a987ce940e · 2022-06-20T14:01:32.000-07:00
Since chunked requests require a body (even for empty payloads), they cannot be sent on Web platforms since the browser APIs (XMLHttpRequest/fetch) disallow bodies for these methods.

commit-id:8ff66847
diff --git a/packages/aws_signature_v4/lib/src/configuration/services/s3.dart b/packages/aws_signature_v4/lib/src/configuration/services/s3.dart
@@ -104,6 +104,20 @@ class S3ServiceConfiguration extends BaseServiceConfiguration {
     return decodedLength + metadataLength;
   }
 
+  /// Whether [request] should be chunked, given the environment and whether
+  /// chunking was requested.
+  bool _shouldChunk(AWSBaseHttpRequest request) {
+    var isChunkableMethod = true;
+    if (zIsWeb) {
+      // Browser APIs (XMLHttpRequest, fetch) disallow sending bodies for these
+      // methods and, thus, chunked requests are not possible and we should not
+      // try.
+      isChunkableMethod = request.method != AWSHttpMethod.get &&
+          request.method != AWSHttpMethod.head;
+    }
+    return chunked && isChunkableMethod;
+  }
+
   @override
   void applySigned(
     Map<String, String> headers, {
@@ -122,7 +136,7 @@ class S3ServiceConfiguration extends BaseServiceConfiguration {
       contentLength: contentLength,
     );
 
-    if (chunked) {
+    if (_shouldChunk(request)) {
       // Raw size of the data to be sent, before compression and without metadata.
       headers[AWSHeaders.decodedContentLength] = contentLength.toString();
 
@@ -148,7 +162,7 @@ class S3ServiceConfiguration extends BaseServiceConfiguration {
     required bool presignedUrl,
   }) async {
     // Only unchunked, signed requests are hashed as other services would be.
-    if (signPayload && !chunked) {
+    if (signPayload && !_shouldChunk(request)) {
       return super.hashPayload(request, presignedUrl: presignedUrl);
     }
     return hashPayloadSync(request, presignedUrl: presignedUrl);
@@ -162,7 +176,7 @@ class S3ServiceConfiguration extends BaseServiceConfiguration {
     if (presignedUrl || !signPayload) {
       return unsignedPayloadHash;
     }
-    if (chunked) {
+    if (_shouldChunk(request)) {
       return chunkedPayloadSeedHash;
     }
     return super.hashPayloadSync(request, presignedUrl: presignedUrl);
@@ -177,7 +191,9 @@ class S3ServiceConfiguration extends BaseServiceConfiguration {
     required AWSCredentialScope credentialScope,
     required CanonicalRequest canonicalRequest,
   }) async* {
-    if (canonicalRequest.presignedUrl || !signPayload || !chunked) {
+    if (canonicalRequest.presignedUrl ||
+        !signPayload ||
+        !_shouldChunk(canonicalRequest.request)) {
       yield* super.signBody(
         algorithm: algorithm,
         contentLength: contentLength,
diff --git a/packages/aws_signature_v4/test/s3/s3_service_configuration_test.dart b/packages/aws_signature_v4/test/s3/s3_service_configuration_test.dart
@@ -16,6 +16,8 @@ import 'package:aws_common/aws_common.dart';
 import 'package:aws_signature_v4/aws_signature_v4.dart';
 import 'package:test/test.dart';
 
+import '../common.dart';
+
 void main() {
   const bodyHash =
       '44ce7dd67c959e0d3524ffac1771dfbba87d2b6b4b4e99e42034a8b803f8b072';
@@ -84,5 +86,66 @@ void main() {
         throwsA(isA<AssertionError>()),
       );
     });
+
+    group(
+      'GET/HEAD do not contain body on Web',
+      () {
+        final request = AWSHttpRequest.get(Uri.parse('https://example.com'));
+        const signer = AWSSigV4Signer(
+          credentialsProvider: AWSCredentialsProvider(dummyCredentials),
+        );
+        final serviceConfigurations = [
+          S3ServiceConfiguration(chunked: true, signPayload: true),
+          S3ServiceConfiguration(chunked: false, signPayload: true),
+          S3ServiceConfiguration(chunked: false, signPayload: false),
+        ];
+
+        void expectNoContentLength(Iterable<String> signedHeaders) {
+          expect(
+            CaseInsensitiveSet(signedHeaders),
+            isNot(contains(AWSHeaders.contentLength)),
+          );
+        }
+
+        group('sign', () {
+          for (final serviceConfiguration in serviceConfigurations) {
+            test(
+              'chunked=${serviceConfiguration.chunked}, '
+              'signPayload=${serviceConfiguration.signPayload}',
+              () async {
+                final signedRequest = await signer.sign(
+                  request,
+                  credentialScope: dummyCredentialScope,
+                  serviceConfiguration: serviceConfiguration,
+                );
+                expectNoContentLength(
+                  signedRequest.canonicalRequest.signedHeaders,
+                );
+              },
+            );
+          }
+        });
+
+        group('signSync', () {
+          for (final serviceConfiguration in serviceConfigurations) {
+            test(
+              'chunked=${serviceConfiguration.chunked}, '
+              'signPayload=${serviceConfiguration.signPayload}',
+              () {
+                final signedRequest = signer.signSync(
+                  request,
+                  credentialScope: dummyCredentialScope,
+                  serviceConfiguration: serviceConfiguration,
+                );
+                expectNoContentLength(
+                  signedRequest.canonicalRequest.signedHeaders,
+                );
+              },
+            );
+          }
+        });
+      },
+      testOn: 'browser',
+    );
   });
 }
