Skip to content

SigV4a: Add host header only when not already provided #6310

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 31, 2025
Merged

SigV4a: Add host header only when not already provided #6310

merged 2 commits into from
Jul 31, 2025

Conversation

joviegas
Copy link
Contributor

@joviegas joviegas commented Jul 31, 2025
edited
Loading

Motivation and Context

This change enables host header override functionality for SigV4a signing, bringing it to parity with SigV4 signing behavior.

Background: In PR #5608, we fixed SigV4 signing to respect pre-existing Host headers rather than always overriding them. This was necessary for use cases like:

  • Transparent proxies that rely on the Host header for routing
  • Custom routing scenarios where the Host header differs from the endpoint

Current issue: The same fix was not applied to the SigV4a signing path, causing host header overrides to be ignored when using SigV4a.

Impact: Enhance SigV4a support such that customers expect host header override to work consistently across both signing algorithms.

Modifications

  • Added host header existence check in CrtUtils.java before setting the host header in SigV4a signing flow
  • This mirrors the fix previously applied to SigV4 signing in PR SigV4: Add host header only when not already provided #5608
  • Ensures that if a Host header is already present in the request, it will not be overwritten during SigV4a signing

Testing

  • Reproduced the issue using the provided test case showing SigV4 works but SigV4a fails
  • Verified that with this change, both SigV4 and SigV4a respect pre-existing Host headers
  • Regression tested to ensure default behavior (no pre-existing Host header) continues to work

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

License

  • I confirm that this pull request can be released under the Apache 2 license

@joviegas joviegas requested a review from a team as a code owner July 31, 2025 19:21
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@joviegas joviegas added this pull request to the merge queue Jul 31, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Jul 31, 2025
@joviegas joviegas added this pull request to the merge queue Jul 31, 2025
Merged via the queue into master with commit 1d86fde Jul 31, 2025
42 checks passed
@github-actions GitHub Actions
Copy link

This pull request has been closed and the conversation has been locked. Comments on closed PRs are hard for our team to see. If you need more assistance, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 31, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@zoewangg zoewangg zoewangg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@joviegas @zoewangg