aws-sdk-s3 1.47.0 → 1.48.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8a24aa598e8dac5c2bd238c3924e56fa7c7ada90
-  data.tar.gz: f4392ea82d795e2b860b1521428c47ccb4aa4b32
+  metadata.gz: 319056c94ca960081c35e30f55762087e95c5513
+  data.tar.gz: 30d3ed780e81e52a362aa3b22defe075f2fdf1b7
 SHA512:
-  metadata.gz: 6a73262511429d42b70c28ef0c7168955151d5a056102b68c6af289da73300ff2b6c541cb99a17e52aa7862dd463c435b6e78dd9856a42845393d17ff07a35e7
-  data.tar.gz: ae61dbd0beeb583b6c55d5306c0b2cebdc8e982dd7cef9ba661dd579ff53707b0c69f501a5bc84e57ed671a4394d3156bbb8e73728bb56530e1505b0f98657fa
+  metadata.gz: c3b1e34a59439b184b63a3e8cb104bb192193c1a455bcacc1fed2f23b389fa68e2383e7ed5072c95e2851ecb2e0c9f67c2a78831e7a885202be2280801764f89
+  data.tar.gz: 7bf411cd7dac2b1e3dc3089fdebd1487f8e64c571707314d5de24b6d169bc591e74101e0542a463abf6500629679aac932f615127bb5b9e36b953ac51b451603

data/lib/aws-sdk-s3.rb

@@ -63,6 +63,6 @@ require_relative 'aws-sdk-s3/event_streams'
 # @service
 module Aws::S3
 
-  GEM_VERSION = '1.47.0'
+  GEM_VERSION = '1.48.0'
 
 end

data/lib/aws-sdk-s3/client.rb

@@ -7099,7 +7099,7 @@ module Aws::S3
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-s3'
-      context[:gem_version] = '1.47.0'
+      context[:gem_version] = '1.48.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-s3/presigner.rb

@@ -16,6 +16,25 @@ module Aws
       # @api private
       FIFTEEN_MINUTES = 60 * 15
 
+      BLACKLISTED_HEADERS = [
+        'accept',
+        'cache-control',
+        'content-length', # due to a ELB bug
+        'expect',
+        'from',
+        'if-match',
+        'if-none-match',
+        'if-modified-since',
+        'if-unmodified-since',
+        'if-range',
+        'max-forwards',
+        'pragma',
+        'proxy-authorization',
+        'referer',
+        'te',
+        'user-agent'
+      ].freeze
+
       # @option options [Client] :client Optionally provide an existing
       #   S3 client
       def initialize(options = {})
@@ -31,8 +50,8 @@ module Aws
       #   attempts to set this value to greater than one week (604800) will
       #   raise an exception.
       #
-      # @option params [Time] :time (Time.now) The starting time before the
-      #   presigned url becomes active. Defaults to Time.now.
+      # @option params [Time] :time (Time.now) The starting time for when the
+      #   presigned url becomes active.
       #
       # @option params [Boolean] :secure (true) When `false`, a HTTP URL
       #   is returned instead of the default HTTPS URL.
@@ -41,8 +60,15 @@ module Aws
       #   bucket name will be used as the hostname. This will cause
       #   the returned URL to be 'http' and not 'https'.
       #
-      # @option params [Boolean] :use_accelerate_endpoint (false) When `true`, Presigner
-      #   will attempt to use accelerated endpoint
+      # @option params [Boolean] :use_accelerate_endpoint (false) When `true`,
+      #   Presigner will attempt to use accelerated endpoint.
+      #
+      # @option params [Array<String>] :whitelist_headers ([]) Additional
+      #   headers to be included for the signed request. Certain headers beyond
+      #   the authorization header could, in theory, be changed for various
+      #   reasons (including but not limited to proxies) while in transit and
+      #   after signing. This would lead to signature errors being returned,
+      #   despite no actual problems with signing. (see BLACKLISTED_HEADERS)
       #
       # @raise [ArgumentError] Raises an ArgumentError if `:expires_in`
       #   exceeds one week.
@@ -53,11 +79,14 @@ module Aws
         end
         virtual_host = !!params.delete(:virtual_host)
         time = params.delete(:time)
+        whitelisted_headers = params.delete(:whitelist_headers) || []
+        unsigned_headers = BLACKLISTED_HEADERS - whitelisted_headers
         scheme = http_scheme(params, virtual_host)
 
         req = @client.build_request(method, params)
         use_bucket_as_hostname(req) if virtual_host
-        sign_but_dont_send(req, expires_in(params), scheme, time)
+
+        sign_but_dont_send(req, expires_in(params), scheme, time, unsigned_headers)
         req.send_request.data
       end
 
@@ -72,7 +101,7 @@ module Aws
       end
 
       def expires_in(params)
-        if expires_in = params.delete(:expires_in)
+        if (expires_in = params.delete(:expires_in))
           if expires_in > ONE_WEEK
             msg = "expires_in value of #{expires_in} exceeds one-week maximum"
             raise ArgumentError, msg
@@ -96,17 +125,16 @@ module Aws
       end
 
       # @param [Seahorse::Client::Request] req
-      def sign_but_dont_send(req, expires_in, scheme, time)
-
+      def sign_but_dont_send(req, expires_in, scheme, time, unsigned_headers)
         http_req = req.context.http_request
 
         req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler)
         req.handlers.remove(Aws::S3::Plugins::S3Signer::V4Handler)
         req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler)
 
-        signer = build_signer(req.context.config)
-        req.context[:presigned_url] = true
+        signer = build_signer(req.context.config, unsigned_headers)
 
+        req.context[:presigned_url] = true
         req.handle(step: :send) do |context|
 
           if scheme != http_req.endpoint.scheme
@@ -140,34 +168,15 @@ module Aws
         end
       end
 
-      def build_signer(cfg)
+      def build_signer(cfg, unsigned_headers)
         Aws::Sigv4::Signer.new(
           service: 's3',
           region: cfg.region,
           credentials_provider: cfg.credentials,
-          unsigned_headers: [
-            'cache-control',
-            'content-length', # due to a ELB bug
-            'expect',
-            'max-forwards',
-            'pragma',
-            'te',
-            'if-match',
-            'if-none-match',
-            'if-modified-since',
-            'if-unmodified-since',
-            'if-range',
-            'accept',
-            'proxy-authorization',
-            'from',
-            'referer',
-            'user-agent',
-            'x-amzn-trace-id'
-          ],
+          unsigned_headers: unsigned_headers,
           uri_escape_path: false
         )
       end
-
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-s3
 version: !ruby/object:Gem::Version
-  version: 1.47.0
+  version: 1.48.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-08-28 00:00:00.000000000 Z
+date: 2019-08-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-kms