adutra commented on PR #15171:
URL: https://github.com/apache/iceberg/pull/15171#issuecomment-3998476635
So, I pushed a commit with my current set of unsigned headers:
```java
Set.of(
// Excluded by
software.amazon.awssdk.http.auth.aws.internal.signer.V4CanonicalRequest
"connection",
"expect",
"transfer-encoding",
"user-agent",
"x-amzn-trace-id",
"x-forwarded-for",
// S3-specific headers
"range",
// AWS SDK debug headers
"amz-sdk-invocation-id",
"amz-sdk-retry",
// Conditional headers
"if-match",
"if-modified-since",
"if-none-match",
"if-unmodified-since",
// Transient headers
"keep-alive",
"proxy-authenticate",
"proxy-authorization",
"referer",
"te",
"trailer",
"upgrade");
```
> content-type actually needs to be in, minio rejects PUT to create a bucket
without it being signed
I think so too. It's funny because [AWS
docs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv-create-signed-request.html#create-canonical-request)
contradict themselves. First they say:
> If the Content-Type header is present in the request, you must add it to
the CanonicalHeaders list.
But later on they say:
> You can optionally include other standard headers in the signature, such
as content-type.
In the end, it seems it's a mandatory header.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
