Merge pull request #1725 from versity/sis/sigv4-expect-header

fix: removes Expect from sigv4 ignored headers list
2026-01-10 05:17:25 +00:00 · 2026-01-03 20:49:21 -08:00
parent 01552b78c7 9f6bf183f4
commit 10ab569277
5 changed files with 40 additions and 3 deletions
--- a/aws/signer/internal/v4/headers.go
+++ b/aws/signer/internal/v4/headers.go
@@ -8,7 +8,8 @@ var IgnoredHeaders = Rules{
 			// some clients use user-agent in signed headers
 			// "User-Agent":      struct{}{},
 			"X-Amzn-Trace-Id": struct{}{},
-			"Expect":          struct{}{},
+			// Expect might appear in signed headers
+			// "Expect":          struct{}{},
 		},
 	},
 }
--- a/aws/signer/internal/v4/headers_test.go
+++ b/aws/signer/internal/v4/headers_test.go
@@ -41,7 +41,7 @@ func TestIgnoredHeaders(t *testing.T) {
 	}{
 		"expect": {
 			Header:        "Expect",
-			ExpectIgnored: true,
+			ExpectIgnored: false,
 		},
 		"authorization": {
 			Header:        "Authorization",
--- a/tests/integration/group-tests.go
+++ b/tests/integration/group-tests.go
@@ -38,6 +38,7 @@ func TestAuthentication(ts *TestState) {
 	ts.Run(Authentication_invalid_sha256_payload_hash)
 	ts.Run(Authentication_md5)
 	ts.Run(Authentication_signature_error_incorrect_secret_key)
+	ts.Run(Authentication_with_expect_header)
 }

 func TestPresignedAuthentication(ts *TestState) {
@@ -1164,6 +1165,7 @@ func GetIntTests() IntTests {
 		"Authentication_invalid_sha256_payload_hash":                               Authentication_invalid_sha256_payload_hash,
 		"Authentication_md5":                                                       Authentication_md5,
 		"Authentication_signature_error_incorrect_secret_key":                      Authentication_signature_error_incorrect_secret_key,
+		"Authentication_with_expect_header":                                        Authentication_with_expect_header,
 		"PresignedAuth_security_token_not_supported":                               PresignedAuth_security_token_not_supported,
 		"PresignedAuth_unsupported_algorithm":                                      PresignedAuth_unsupported_algorithm,
 		"PresignedAuth_ECDSA_not_supported":                                        PresignedAuth_ECDSA_not_supported,
--- a/tests/integration/sigv4_auth.go
+++ b/tests/integration/sigv4_auth.go
@@ -563,3 +563,36 @@ func Authentication_signature_error_incorrect_secret_key(s *S3Conf) error {
 		return checkHTTPResponseApiErr(resp, s3err.GetAPIError(s3err.ErrSignatureDoesNotMatch))
 	})
 }
+
+func Authentication_with_expect_header(s *S3Conf) error {
+	testName := "Authentication_with_expect_header"
+	bucket, object := getBucketName(), "object"
+	return authHandler(s, &authConfig{
+		testName: testName,
+		method:   http.MethodPut,
+		body:     []byte("dummy data"),
+		service:  "s3",
+		date:     time.Now(),
+		path:     fmt.Sprintf("%s/%s", bucket, object),
+		headers: map[string]string{
+			"Expect": "100-continue",
+		},
+	}, func(req *http.Request) error {
+		err := setup(s, bucket)
+		if err != nil {
+			return err
+		}
+
+		resp, err := s.httpClient.Do(req)
+		if err != nil {
+			return err
+		}
+
+		if resp.StatusCode != 200 {
+			return fmt.Errorf("expected the response status to be 200, instead got %v", resp.StatusCode)
+		}
+
+		err = teardown(s, bucket)
+		return err
+	})
+}
--- a/tests/integration/utils.go
+++ b/tests/integration/utils.go
@@ -286,11 +286,12 @@ type authConfig struct {
 	body     []byte
 	service  string
 	date     time.Time
+	headers  map[string]string
 }

 func authHandler(s *S3Conf, cfg *authConfig, handler func(req *http.Request) error) error {
 	runF(cfg.testName)
-	req, err := createSignedReq(cfg.method, s.endpoint, cfg.path, s.awsID, s.awsSecret, cfg.service, s.awsRegion, cfg.body, cfg.date, nil)
+	req, err := createSignedReq(cfg.method, s.endpoint, cfg.path, s.awsID, s.awsSecret, cfg.service, s.awsRegion, cfg.body, cfg.date, cfg.headers)
 	if err != nil {
 		failF("%v: %v", cfg.testName, err)
 		return fmt.Errorf("%v: %w", cfg.testName, err)