-
Notifications
You must be signed in to change notification settings - Fork 176
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mutating inputs can result in broken requests #164
Comments
Yes, it's part of the (current) API that it mutates its inputs instead of returning new ones. This was a deliberate decision so that That said – the fact that It would be a breaking change, so would have to be in scope for a v2 |
Thinking about this some more. I wonder if it's ok to have both. I think the main concern is just modifying the nested I think that might be ok to update on a minor. |
(I note your fix for aws-lite has a JSON.parse/JSON.stringify combo – I wouldn't do that for perf reasons tbh, especially for large bodies – plus you never know if ppl are passing in weird inputs that don't JSON well) |
Ok, published as 1.13.0 🙌 – now, go remove that awful |
@mhart ha, yeah, was 5 hours into tracing this bug on a holiday, and brain just ready to not brain anymore. 😅 Thank you! |
Goddammit. #165 https://xkcd.com/1172/ |
@mhart omg that xkcd, far too true. In all seriousness: I'll def advocate in favor of your 1.13 release as-is – it's the correct approach (in my opinion) and sometimes bug fixes do introduce breaking changes. That said, if you opt to revert it and re-publish as 2.0 (or whatever), I'm totally fine with that, it's all good. Whatever is most favorable to your mental and emotional wellbeing! 💕 |
Description
aws4
may mutates its inputs when signing requests instead of creating and returning new data. This may cause issues if, for example, a singleheaders
object is used when signing multiple requests.Reproduction steps
In this example, two requests are signed, yet the
content-length
from the first request is carried over to the second, resulting in a broken HTTP request:To me, ideally, my inputs (e.g. headers) should not be mutated when passed to
aws4
for signing.I have not audited the entire codebase for other potential mutations of inputs beyond headers (link), but hopefully this issue is generic enough to accurately describe a variety of errata we've been seeing in
aws-lite
.Thanks! <3
The text was updated successfully, but these errors were encountered: